Jobs · Information Technology · California

Information Systems Security Manager

Lanteris Space Systems · Palo Alto, CA · 1 wk ago
Information Technology$123k–$205k/yrFull-time

About the role

We are currently seeking an Information Assurance Manager (IAM)/Information Systems Security Manager (ISSM). This role is based in our Palo Alto, CA office.

Responsibilities

  • Ensure Information System compliance with the potential to span multiple business areas or programs.
  • Ensure system security measures comply with applicable government policies.
  • Maintain a thorough understanding of NIST 800-53 controls, and determine which controls are applicable to the application, as well as document implementation in Security Controls Tractability Matrix (SCTM).
  • Monitor and resolve Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems.
  • Communicate and coordinate Information Systems Security policy across their organization and work with government agencies to obtain rulings, interpretations, and acceptable deviations for compliance with regulations.
  • Establish, document, implement, and monitor the IS Security Program and related procedures for the facility and ensure compliance with IS security requirements.
  • Prepare and maintain Systems Security Plans (SSP) which accurately reflect the installation and security provisions of the system.
  • Evaluate proposed changes or additions to the SSP and collaborate with customers for systems approvals.
  • Conduct on-going security reviews and tests for information systems to periodically verify that security features and operating controls are functional and effective.
  • Ensure that periodic self-inspections of the facility’s IS Program are conducted as part of the overall facility self-inspection program.
  • Ensure the development, documentation and presentation of IS security education, awareness, and training activities for facility management, IS personnel, users, and others as appropriate.
  • Ensure personnel are trained on the IS’s prescribed security restrictions and safeguards before they are initially allowed to access a system.
  • Report compliance metrics to government CSA, Program Management, and Information System Owner.
  • Manage, lead and provide security guidance and mentoring to a team of security professionals.
  • Oversee and coordinate insider threat program activities for assigned information systems in collaboration with the Insider Threat Program Manager.
  • Ensure proper media sanitization, destruction, and accountability procedures are followed for classified storage devices and system components throughout the system lifecycle and during decommissioning activities.
  • Cook up security incident response activities for assigned systems, including timely reporting to appropriate government agencies (DCSA, NSA, etc.) and internal stakeholders.
  • Oversee physical security integration with IS security requirements, ensuring proper coordination with facility security personnel.
  • Manage COMSEC material accountability and cryptographic key management for assigned systems as applicable.
  • Ensure compliance with TEMPEST/EMSEC requirements for SCI-level systems as applicable.

Requirements

  • Must be a U.S. citizen with Active TS/SCI clearance and CI Poly.
  • CISSP and CISM certifications.
  • Bachelor of Science degree.
  • 8 years of related IT security experience.
  • Minimum of 2 years related IT or security experience in a classified (SCI) environment.
  • Hands-on experience with SIEM tools (Splunk, Elastic, or similar) for log analysis and security event correlation.
  • Experience with Risk Management Framework (RMF) including participation in assessment and authorization activities.
  • Experience conducting security audits and vulnerability assessments in operational classified systems.
  • Department of Defense Directive (DoDD) 8140 / 8570 Certification requirements (CompTIA Security+ CE or equivalent certification).
  • Experience coordinating with government assessment teams (DCSA, NSA, Program Security Officers).

Preferred Qualifications

  • Experience with RMF Workflow Management Solutions such as XACTA, EMASS, or Service Now.
  • Familiarity with implementation of Government directives and policies derived from NIST, CNSSI, ICD, DoD, or other Government Regulatory compliance standards within a professional industry.
  • Experience with Information Security tools including audit reduction, vulnerability management, change detection, network monitoring, etc. (ACAS, Nessus, HBSS, SPLUNK, RedSeal, Tripwire, DISA SCC and STIG Viewer).
  • Experience developing IS security plans, policy and procedures for Local Area Network (LAN) Information Systems and Wide Area Network (WAN) Information systems.
  • Experience with both Windows and Linux operating environments.
  • Previous leadership experience.
  • Experience managing security incidents and coordinating response activities in classified environments.
  • Knowledge of DevSecOps practices and secure software development lifecycle in classified systems.
  • Experience with insider threat detection tools and procedures.

Similar jobs