Information Systems Security Manager
Lanteris Space Systems · Palo Alto, CA · 1 wk ago
Information Technology$123k–$205k/yrFull-time
About the role
We are currently seeking an Information Assurance Manager (IAM)/Information Systems Security Manager (ISSM). This role is based in our Palo Alto, CA office.
Responsibilities
- Ensure Information System compliance with the potential to span multiple business areas or programs.
- Ensure system security measures comply with applicable government policies.
- Maintain a thorough understanding of NIST 800-53 controls, and determine which controls are applicable to the application, as well as document implementation in Security Controls Tractability Matrix (SCTM).
- Monitor and resolve Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems.
- Communicate and coordinate Information Systems Security policy across their organization and work with government agencies to obtain rulings, interpretations, and acceptable deviations for compliance with regulations.
- Establish, document, implement, and monitor the IS Security Program and related procedures for the facility and ensure compliance with IS security requirements.
- Prepare and maintain Systems Security Plans (SSP) which accurately reflect the installation and security provisions of the system.
- Evaluate proposed changes or additions to the SSP and collaborate with customers for systems approvals.
- Conduct on-going security reviews and tests for information systems to periodically verify that security features and operating controls are functional and effective.
- Ensure that periodic self-inspections of the facility’s IS Program are conducted as part of the overall facility self-inspection program.
- Ensure the development, documentation and presentation of IS security education, awareness, and training activities for facility management, IS personnel, users, and others as appropriate.
- Ensure personnel are trained on the IS’s prescribed security restrictions and safeguards before they are initially allowed to access a system.
- Report compliance metrics to government CSA, Program Management, and Information System Owner.
- Manage, lead and provide security guidance and mentoring to a team of security professionals.
- Oversee and coordinate insider threat program activities for assigned information systems in collaboration with the Insider Threat Program Manager.
- Ensure proper media sanitization, destruction, and accountability procedures are followed for classified storage devices and system components throughout the system lifecycle and during decommissioning activities.
- Cook up security incident response activities for assigned systems, including timely reporting to appropriate government agencies (DCSA, NSA, etc.) and internal stakeholders.
- Oversee physical security integration with IS security requirements, ensuring proper coordination with facility security personnel.
- Manage COMSEC material accountability and cryptographic key management for assigned systems as applicable.
- Ensure compliance with TEMPEST/EMSEC requirements for SCI-level systems as applicable.
Requirements
- Must be a U.S. citizen with Active TS/SCI clearance and CI Poly.
- CISSP and CISM certifications.
- Bachelor of Science degree.
- 8 years of related IT security experience.
- Minimum of 2 years related IT or security experience in a classified (SCI) environment.
- Hands-on experience with SIEM tools (Splunk, Elastic, or similar) for log analysis and security event correlation.
- Experience with Risk Management Framework (RMF) including participation in assessment and authorization activities.
- Experience conducting security audits and vulnerability assessments in operational classified systems.
- Department of Defense Directive (DoDD) 8140 / 8570 Certification requirements (CompTIA Security+ CE or equivalent certification).
- Experience coordinating with government assessment teams (DCSA, NSA, Program Security Officers).
Preferred Qualifications
- Experience with RMF Workflow Management Solutions such as XACTA, EMASS, or Service Now.
- Familiarity with implementation of Government directives and policies derived from NIST, CNSSI, ICD, DoD, or other Government Regulatory compliance standards within a professional industry.
- Experience with Information Security tools including audit reduction, vulnerability management, change detection, network monitoring, etc. (ACAS, Nessus, HBSS, SPLUNK, RedSeal, Tripwire, DISA SCC and STIG Viewer).
- Experience developing IS security plans, policy and procedures for Local Area Network (LAN) Information Systems and Wide Area Network (WAN) Information systems.
- Experience with both Windows and Linux operating environments.
- Previous leadership experience.
- Experience managing security incidents and coordinating response activities in classified environments.
- Knowledge of DevSecOps practices and secure software development lifecycle in classified systems.
- Experience with insider threat detection tools and procedures.