Information Systems Security Manager

3 weeks ago


Washington, United States The Consortium Full time

Develops and administers information security procedures for systems in support of government agencies in the performance of classified programs and projects. Performs self-inspections and ensures compliance with applicable government security policies and procedures. Investigates information system security violations and implements corrective actions. Develops and implements information system security education and awareness programs. Serves as liaison to and interacts with government agencies to ensure compliance with policies and regulations.

Acts as a technical expert on program security. Performs work requiring advanced technical knowledge, often involving multiple phases and significant collaboration. Applies in-depth technical knowledge to independently and innovatively solve a full range of complex and sometimes unusual problems that impact organizational success. Brings industry-level expertise to function and recommends changes to remain up-to-date or competitive. Establishes processes and procedures to ensure the effective and efficient operation of a complex function. Has authority to take whatever action deemed advisable or necessary, subject only to organizational and departmental policies and processes. May provide work direction for less senior employees.

Responsibilities

Develops and administers information security procedures for information systems in support of government agencies in the performance of classified programs and projects.

  • Develops and executes detailed IT program security policies, plans, and procedures that exceed customer expectations and minimize security risks.
  • Serves as management official and point-of-contact for all information system issues involving sensitive and classified information.
  • Manages security controls to ensure confidentiality, integrity, and availability of information and information systems; builds security into the development process and defines security specifications to support the acquisition of new systems, reviews all secure systems procurements to ensure that security has been considered and included.
  • Provides strategic guidance and advice on secure meetings and state-of-the-art conference room technologies.
  • Serves as liaison with program staff and other customers, responds to short-notice tasks, and provides security engineering and integration services to staff and other customers.
  • Investigates information system security violations and prepares reports specifying corrective actions for the current situation and preventative actions to be taken in the future.
  • Proactively coordinates the establishment of system security controls to protect sensitive government and institution information using authentication techniques, encryption, firewalls, and access controls.
  • Maintains systems in accordance with the security plan and Authorization to Operate (ATO).
  • Audits, monitors, and performs self-inspections of applications, systems, and security logs for security threats, vulnerabilities, and suspicious activities.
  • Implements measures to protect data from physical destruction or theft. Ensures that back-up procedures are in place for data recovery.
  • Conducts risk assessments of all systems and mitigates vulnerabilities wherever feasible.
  • Develops and implements information system security training, education, and awareness programs for all system users.
  • Interacts with government agencies to obtain rulings, interpretations, and acceptable deviations for compliance with Chapter 8 of NISPOM and other regulations.
  • Ensures compliance with the National Industrial Security Program Operating Manual (NISPOM), DCSA Assessment and Authorization Process Manual (DAAPM), Department of Defense (DoD) regulations, Intelligence Community Directives (ICDs) and Security Technical Implementation Guides (STIGs).
  • Prepares documentation, including Information Security Plans, outlining regulations, and establishing information security policy.
  • Ensures all users have the requisite security clearances, authorization, and Need-to-Know (NTK).
  • Completes required ISSM training within 6 months of hire.
  • Maintains appropriate standard of confidentiality. When handling secure, privileged, sensitive, or confidential information and matters, maintains strict confidence and exercises care to prevent disclosure to others. Accesses confidential information for work-related reasons only, following the policies and procedures of the organization. Ensures that any privileged, sensitive, or confidential information is securely stored, disposed of, and transmitted according to institutional guidance.

NONESSENTIAL JOB DUTIES

  • Related duties and special projects as assigned.

Requirements

Required Knowledge, Skills, and Abilities:

  • Thorough understanding of the NISPOM chapter 8 requirements.
  • Experience developing Information Systems security plans, policy, and procedures.
  • Experience configuring laptops/desktops/servers, installing applications, setting up network infrastructure, and troubleshooting as required.
  • Strong understanding of computer operating systems (Windows and Linux), software, and computer hardware.
  • Experience with Windows account administration, group policy administration, and directory permissions.
  • Experience with Windows Active Directory, Domain Controllers, Certificate Authority, DNS, DHCP, and Windows Update Services.
  • Experience maintaining and auditing Cisco ISE, switches, routers, and firewall.
  • Experience maintaining and auditing Palo Alto Intrusion Detection System.
  • Experience with security event and incident management utilizing Splunk.
  • Experience with vulnerability management utilizing Tenable Nexus.
  • Experience establishing and maintaining SIPRNet connectivity.
  • Information Systems Security knowledge in system auditing.
  • Lead Defense Counterintelligence and Security Agency (DCSA) Security Vulnerability Assessments (SVA), Command Cyber Readiness Inspections (CCRI) and Other Government Agency (OGA) inspections.
  • Knowledge of the DoD Risk Assessment Methodology (DRAM).
  • Experience with Plan of Action and Milestones (POA&M) tracking.
  • Experience with Risk Management Framework (RMF) accreditation processes.
  • Experience working in complex environments with a high degree of organizational effectiveness.
  • Ability to work independently and with a team in a fast-paced environment.
  • Excellent communication skills with a proven ability to effectively interact with all levels of employees, contractors, and customers.

Minimum Education/Training Requirements: Bachelor’s degree in applicable field of Information Technology study including Computer Science or a related field, or equivalent knowledge.

Minimum Experience: Five years of related experience in an information systems security environment.

Physical Capabilities: Ability to work at a computer for extended periods of time.

Required Licenses, Certification or Registration: U.S. Citizenship. Active DoD Top Secret/DOE Q clearance. Possess a DoD 8570 IAM level III baseline certification (CISM, CISSP or other).

Supervisory Responsibilities/Controls: Reports to Director. General direction is provided. Works closely with Information Technology Services (ITS) department.


