Information Systems Security Manager

1 month ago


Arlington, United States Credence company Full time


Job Locations: US-VA-Rosslyn

ID: 2024-8250

Category: Other

Type: Regular Full-Time

Overview

The Information Systems Security Manager (ISSM) is responsible for implementing and overseeing cyber hygiene for all refugee operational activities within the Refugee Processing Center (RPC). The ISSM reports directly to the Project Manager and Deputy Project Manager for the RPC project.

Responsibilities include, but are not limited to, the duties listed below:

  • Supports the PM and DPM in executing the RPC project.
  • Ensure that all IT systems are compliant with NIST, FISMA, and other governmental security requirements.
  • Lead the development and implementation of the System Security Plan (SSP) and all associated documentation required for the RMF Assessment and Authorization process.
  • Collaborate closely with Authorizing Officials' representatives, stakeholders, and subject matter experts to gather the necessary information and ensure compliance with all applicable security policies and guidelines.
  • Play a crucial role in managing, developing, and executing the continuous monitoring plan to ensure all FISMA systems remain compliant by actively participating in the IT change management process. Assess and provide mitigation recommendations for potential security risks associated with system changes.
  • Coordinate and collaborate with system owners and information owners to ensure seamless and secure implementation of changes to the system. This includes coordinating change management processes, assessing potential security or privacy impacts, and working towards effective resolutions.
  • Conduct thorough assessments of the security or privacy impact resulting from system changes, considering factors such as data sensitivity, access controls, confidentiality, integrity, and availability. Provide recommendations and guidance for mitigating any identified risks or vulnerabilities.
  • Collaborate with cross-functional teams and subject matter experts to identify, evaluate, and implement security controls and measures necessary to maintain the security posture of the system(s).
  • Provide expert guidance and support to project teams regarding security requirements and controls during system development, integration, and maintenance phases.
  • Coordinate with cross-functional teams to ensure that security controls are integrated seamlessly into system architectures and configurations.
  • Collaborate with Department of State and/or external auditors and assessors during security assessments and audits, addressing any findings and facilitating the timely resolution of identified issues.
  • Manage the Plan of Actions and Milestones (POA&M) process, ensuring that identified security weaknesses and vulnerabilities are promptly documented, tracked, and remediated.
  • Collaborate with relevant teams and stakeholders to prioritize and address items on the POA&M, ensuring timely remediation actions are taken to maintain the security posture of the systems.
  • Provide timely and accurate information in response to data calls and queries from internal and external partners, such as IRM/A&A, GITR, and other government agencies.
  • Interpret interdepartmental and government directives related to security requirements, policies, and guidelines, and effectively communicate these directives to cross-functional teams.
  • Facilitate cross-team communication and coordination to ensure that security-related issues are addressed in a timely manner, promoting efficient remediation efforts.
  • Monitor and assess the impact of interdepartmental and government directives on existing systems, identifying necessary adjustments or changes to maintain compliance and security.
  • Collaborate with relevant teams to develop and implement action plans for timely remediation of security vulnerabilities and non-compliant areas based on interpreted directives.
  • Stay informed about emerging security trends, changes in regulations, and industry best practices, incorporating this knowledge into cross-team communications and remediation efforts.
  • Guide and manage the ISSO team to ensure optimal performance. Provide mentorship, training, and manage resources and workloads effectively.
  • Oversees the user access process to ensure operational integrity of the system. Enforces the information security configuration and maintains the system for issuing, protecting, changing, and revoking passwords.
  • Prepare and present regular reports detailing the status of the IT security landscape, including project status, active tasks, team updates, and compliance status.
  • Performs complex product evaluations, recommends, and implements products/services for network security. Validates and tests complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.
  • Reviews, recommends, and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security.
  • Research, evaluate and recommend new security tools, techniques, and technologies and introduce them to the enterprise in alignment with IT security strategy.
  • Serve as an A/ISSO for RPC and liaison between the RPC and Department of State IRM/IA.
  • Collaborate with Change, Problem, and Release Management for security impacts to the environment.
  • Review new security solution designs and specifications to validate they are ready for the existing security operations environment.
  • Provide recommendations to the PM, DPM, and government client.
  • Present recommendations to CISO as needed.

Education, Requirements and Qualifications

  • US citizen with the ability to obtain a Secret or Top Secret/SCI security clearance is required.
  • BS degree in Computer Science or other IT-related fields, Cyber, or Information Assurance, or 10+ years of experience as an ISSO in lieu of a Bachelor's degree.
  • CISSP certification is required.
  • PMP certification is preferred.
  • Minimum of five (5) years of progressive management experience
  • At least ten (10) years of hands-on experience in developing and implementing the RMF framework and A&A processes, specifically focused on developing SSP packages for achieving ATO for FISMA systems.
  • Ability to prepare management, business, technical, and personnel reports, reviews, and documents for internal and external use.
  • Broad range of knowledge and experience with Security and System Architecture
  • Understanding of, and experience applying, industry security policies, regulations, and guidelines such as NIST, FISMA, and SANS Top 20 controls, etc.
  • Knowledge of change control and change management process, project management, Enterprise Architecture frameworks, SDLC, Security Policy.
  • Knowledge of ports, protocols, and the OSI Model.
  • Knowledge of key security capabilities such as e-forensics, logging/SIEM, risk management, PKI, IPsec, vulnerability management, A&A, continuous monitoring, disaster recovery, network, and endpoint security.
  • Experience conducting analysis and providing recommendations on new or existing security capabilities.
  • Excellent communication skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
  • Experience working with IP networking, networking protocols, and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail, and access-lists.
  • Experience working with internet, web, application, and network security techniques.
  • Experience working with relevant operating system security (Windows, Solaris, Linux, etc.)
  • Strong analytical and problem-solving skills to troubleshoot and resolve security issues.
  • Ability to perform and interpret vulnerability assessments.
  • Ability to balance and prioritize work and work in a team environment.
  • Experience with the Federal government, preferably with Department of State or DHS

