INFORMATION SYSTEMS SECURITY MANAGER (ISSM)

INFORMATION SYSTEMS SECURITY MANAGER (ISSM)

LOCATION: Hybrid; Dayton, OH

ELIGIBILITY: US Citizen

CLEARANCE: Successful Background Check Required. Ability to obtain Secret Clearance.

POSITION: Principal Information Systems Security Engineer

DESCRIPTION:

The ideal Information Systems Security Manager (ISSM) candidate is a dynamic, highly motivated and well-organized Principal Security Engineer with experience administering security policies and procedures on secure information systems and managing teams of engineers to accomplish functional, operational, and compliance risk activities. 

The ISSM can evaluate system vulnerability and create disaster recovery plans; and has knowledge of the range of methods available to prevent data loss and illegal access.

RESPONSIBILITY: Performs advanced and complex systematic reviews of selected functions to determine application and design of systems or models. Develops and updates functional or operating manuals outlining established methods of performing work in accordance with organizational policy. Acting as the technical manager, manages program consisting of multiple projects including project identification, design, development and delivery. Provides technical guidance and assists with problem resolution.

General Experience/Minimum Education: Twelve (12) years of experience. Bachelor's Degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline.

Responsibilities include:

• Manage the overall Security Program.
• Assist with technical security activities relative to the development, acquisition, and sustainment of aeronautical weapon systems, subsystems, and associated support systems such as software code reviews, vulnerability assessments, Program Protection Plans, CDRL development, and threat scenarios.
• Assist with implementation of Information, Personnel, Physical, Industrial, and Communications Security.
• Assist with program protection, technology control, protection of FOUO information, and other information requiring protection ensuring compliance with related DoD and AF instructions.
• Support development and implementation of common cybersecurity classification guidance.
• Responsibility for the development of security control overlays.
• Support creation and implementation of a security scorecard for monitoring Requirements, Controls, Oversight, Incidents.
• Ensure the implementation and currency of security settings per STIG requirements.
• Creates and maintain all required RMF documentation for program materiel.
• Must be proficient in the use of Microsoft Office Applications (Outlook, Word, Excel and especially PowerPoint) and other standard (customer-specified) applications.
• Provide rapid response engineering service and support as augmentation to organic resources through in-depth problem identification, impact assessment, and development of corrective actions for critical supportability problems within the scope of CRST charter. The Contractor shall provide consultation on cyber-related training.
• Coordinate cybersecurity incident response efforts and/or teams as needed.

REQUIREMENTS:

• All candidates must be U.S. Citizens (due to Clearance requirements).
• All candidates must pass a background check.
• A current Secret (or higher) level U.S. government security clearance is desired.
• The ability to obtain a Top Secret clearance is required.

REQUIRED SKILLS & QUALIFICATIONS:

• Ability to obtain a Top Secret Clearance is required.
• 8 + years of experience in a government office environment (remote or on-site) or working with a federal agency.
• U.S. citizenship required.
• Executive briefing experience desired.
• Minimum 2-year ISSM experience is required.
• DoD 8570 certification in compliance with IAM Level III.
• Experience implementing DoD system accreditation processes (e.g. NIST-RMF, FedRAMP).
• Working knowledge of NIST/CMMC policies is required.
• Experience with DISA STIGs and SRGs, vulnerability management systems, mitigation and compliance processes, and reviewing results from automated security scanning tools.
• Experience with NISPOM requirements.
• Must have the ability to create, review and edit authorization documentation for completeness and accuracy in accordance with federal and DoD policy.
• Experience with maintaining appropriate facility security databases including, but not limited to, NISS, DISS, eMASS, e-QIP, SWFT.
• Familiar with Aircraft cybersecurity testing and Airworthiness safety programs

MINIMUM EDUCATION:

ABET-accredited Master’s degree in an engineering discipline or technical discipline (i.e. Computer Science, Information Systems, Computer Engineering, etc.) or relevant professional experience. No degree is required if the person meets the above qualifications and has at least 12 years of professional experience. 

DESIRED SKILLS:

• Red Team / Blue Team experience desired
• Penetration testing experience desired
• Excellent verbal and written communication skills
• Experience with Azure, AWS, and/or Google cloud platforms is highly desired.
• MS Degree in Computer Science, Electrical Engineering, Information Systems, or similar is highly desired.
• Prior experience or familiarity with Distributed Computing and Big Data Platforms is a plus.
• Data parsing/transforming techniques to include JSON, XML, CSV formats.
• Strong interest in in learning new tools, languages, workflows, and philosophies