Information Systems Security Manager (ISSM)
Zachary Piper Solutions · Colorado Springs, CO · Yesterday
On-siteInformation Technology$120k–$160k/yrFull-time
Responsibilities
- Lead activities required to obtain and maintain Authority to Operate (ATO) approvals for classified information systems
- Ensure compliance with Department of Defense (DoD), Risk Management Framework (RMF), CNSSI, NIST, and applicable cybersecurity policies and directives
- Perform vulnerability and risk assessments supporting authorization and accreditation efforts for classified systems
- Develop, maintain, and update RMF documentation including System Security Plans (SSP), System Assessment Plans (SAP), Risk Assessment Reports (RAR), Security Control Traceability Matrices (SCTM), Plans of Action and Milestones (POA&M), and Continuous Monitoring (ConMon) Plans
- Cook up with program security officers and government security officials regarding approvals for External Information Systems and system interconnections
- Conduct periodic reviews and evaluations of information system security policies, standards, and procedures
- Support and coordinate Information System Security Assessments, testing activities, and security reviews
- Evaluate and process hardware and software requests through appropriate security review processes
Qualifications
- Bachelor's degree (preferably Information Security, Cybersecurity, or related field)
- 9+ years of experience supporting cybersecurity, information assurance, system administration, or related disciplines (7 years with a Master's degree)
- Experience with Risk Management Framework (RMF), NIST standards, CNSS requirements, cybersecurity risk management methodologies, and compliance processes
- Experience supporting Program Security disciplines including OPSEC, Program Protection, Personnel Security, Security Training and Education, and Classification Management
- Experience working within SAP and/or SCI environments
- Willingness to support nomination for Sensitive Compartmented Information (SCI), Special Access Programs (SAP), and Polygraph requirements
- Possession of certification(s) meeting or exceeding DoD 8140 IAT Level II requirements (e.g., Security+, CISSP)
- Experience supporting Windows-based environments with working knowledge of Linux operating systems
Preferred Qualifications
- Master's degree in Cybersecurity, Information Security, or related security discipline
- Knowledge of JSIG, ICD 503, NIST RMF, NIST, and Assessment & Authorization (A&A) processes
- Experience supporting Incident Response and Disaster Recovery activities
- Experience developing and maintaining security plans, procedures, and certification artifacts
- Familiarity with virtualized infrastructure technologies such as VMware
- Experience conducting security audits and formal information system assessments
- Extensive experience administering and securing Windows-based information systems
- Understanding of Contractor Program Security Officer (CPSO) responsibilities including PERSEC, PHYSEC, visitor control, facility security, and security education programs
- Familiarity with DD254 requirements and support of government contracts