(602) Information Systems Security Manager III
Cybersecurity Program Management
Support IT security goals and objectives to reduce overall organizational risk
Communicate the value of IT security throughout all levels of organization stakeholders
Coordinate with various levels of the organization to oversee information security program implementation
Manage cyber strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources
Assist with facilitating communication between all RMF stakeholders throughout the RMF process
Security Assessment and Authorization
Assist with the collection of data needed to meet system cybersecurity reporting requirements
Assist with security improvement actions as they are evaluated, validated, and implemented
Participate in information security risk assessments during the Security A&A process
Assist with identifying security requirements specific to IT systems in all phases of the system life cycle
Coordinate with programs to resolve findings identified during internal and external review processes
Compliance and Risk Management
Assist with cybersecurity inspections, tests, and reviews for the network environment
Assist with identifying alternative information security strategies to address organizational security objectives
Interpret patterns of noncompliance to determine their impact on risk levels and overall effectiveness of the enterprise's cybersecurity program
Track audit findings and recommendations to ensure appropriate mitigation actions are taken
Monitor systems for upcoming authorization conditions/stipulations, upcoming or past due POA&M items, and SLCM activities
Documentation and Reporting
Develop findings reports and recommended corrective actions for identified deficiencies
Report system compliance in DON Application and Database Management System (DADMS), Department of Defense Information Technology Portfolio Repository – Department of the Navy (DITPR-DON), and Vulnerability Remediation Asset Manager (VRAM)
Assist with Quality Assurance (QA) reviews for RMF package submissions in accordance with NSWCPD and NAVSEA 03 SOP
Ensure successful implementation and functionality of security requirements and appropriate IT policies and procedures consistent with the organization's mission and goals
Track and respond to Cybersecurity data calls per Government guidance
Minimum Qualifications Including Certificates
- Must be a U.S. Citizen
- Active Secret security clearance
- Master's degree in computer science, information technology, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university
- Eight (8) years of experience coordinating with various levels of an organization to oversee and manage information security program implementation
- Experience managing cyber strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources
- Must possess one of the following certifications: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP
- IAM-II certification level
- Experience with DoD Information Assessment and Authorization (A&A) process and Risk Management Framework (RMF)
Desired Qualifications
- Experience with enterprise security technologies and tools including eMASS and VRAM
- Knowledge of NIST Special Publications and DoD cybersecurity instructions
- Experience with Navy and DoD organizational structures and policies
- Familiarity with NAVSEA cybersecurity requirements and procedures
- Experience with vulnerability management and continuous monitoring
- Demonstrated leadership abilities and strong communication skills
AAP Statement
We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.