Information Systems Security Manager (ISSM)
Arlington, VA
Full Time Mid-level / Intermediate Clearance required USD 68K - 179K *
STR has an exciting opportunity for or an ISSM that will be responsible for classified programs Cybersecurity/Risk Management Framework (RMF) posture in accordance with government directives and program requirements. In this dynamic position you will interface directly with the government cognizant security agency (CSA) and collaborate with other Cybersecurity professionals, Security professionals, System Administrators, engineering community, and other government customers on overall compliance and configuration change management.
Responsibilities:
- Responsible for the Cybersecurity program as stipulated by various US Government requirements including (but not limited to): Joint Special Access Implementation Guide (JSIG), National Industrial Security Operating Manual (NISPOM), and the DCSA Assessment and Authorization Process Manual (DAAPM)
- Monitor cybersecurity compliance by performing periodic self-inspections, tests, and reviews of information systems to ensure that workstations/servers are operating as authorized/accredited
- Supervisor for assigned Information System Security Officers (ISSO) supporting accredited networks
- Coordinate with program/project stakeholders, Cybersecurity staff (other ISSM’s, ISSO’s, ISSE’s), the Facility Security Officer (FSO), Contractor Program Security Officer (CPSO), and other Security and IT team members to define, implement and maintain an acceptable information systems security posture
- Maintain day-to-day security posture and continuous monitoring of IS including security event log review and analysis.
- Performs Assessment and Authorization (A&A) activities such as information system certification testing of required configuration controls and preparing/maintaining various documentation such as: Standard Operating Procedures (SOP), System Security Plan (SSP), Risk Assessment Report (RAR), Security Controls Traceability Matrix (SCTM), etc
- Manages and maintains Continuous Monitoring (ConMon)/Plan of Action and Milestones (POA&M) reports
- Responsible for security sustainment activities including (but not limited to): hardware change management, software change management, account management, media protection, user interface, file transfers, etc
- Assists the FSO, CPSO and Computer Incident Response Team (CIRT) in data spill incident response
- Maintain thorough understanding of NIST 800-53 controls, determines controls applicable to the application, and documents control implementation in the SCTM
- Perform other tasks as assigned by manager/supervisor
Requirements:
- This position requires an active Top Secret security clearance, with the ability to obtain an SAP and SCI access for which U.S. citizenship is needed by U.S. Government
- Three (3) to five (5) years’ experience as an ISSM implementing NISPOM Chapter 8, DAAPM, ICD503 and/or JSIG IS requirements
- DoD 8570 IAM Level III certification (CISA, CISM, CISSP, etc.) or the ability to obtain within 6 months upon being hired
- Experience with configuration/certification and auditing/analysis of Windows/Linux operating systems in a Peer-to-peer, LAN & WAN network environment
- Familiarity/understanding using authorization/accreditation databases (eMASS, Xacta, etc.)
- Excellent communications skills
- Demonstrated strong critical thinking and problem-solving skills
- Detail oriented and self-motivated
- Ability to effectively prioritize multiple projects
- Ability to work with people in a team environment and deal effectively with changing project priorities
- Strong customer service skills
STR is a growing technology company with locations near Boston, MA, Arlington, VA, near Dayton, OH, Melbourne, FL, and Carlsbad, CA. We specialize in advanced research and development for defense, intelligence, and national security in: cyber; next generation sensors, radar, sonar, communications, and electronic warfare; and artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us.
STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, and we go home at night knowing that we pushed the envelope of technology and made the world safer.
STR is not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe! Visit us at www.str.us for more info.
STR is an equal opportunity employer. We are fully dedicated to hiring the most qualified candidate regardless of race, color, religion, sex (including gender identity, sexual orientation and pregnancy), marital status, national origin, age, veteran status, disability, genetic information or any other characteristic protected by federal, state or local laws.
If you need a reasonable accommodation for any portion of the employment process, email us at appassist@str.us and provide your contact info.
Pursuant to applicable federal law and regulations, positions at STR require employees to obtain national security clearances and satisfy the requirements for compliance with export control and other applicable laws.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Artificial Intelligence Audits CISA CISM CISSP Clearance Compliance DAAPM DoD DoDD 8570 eMASS IAM Incident response Industrial ISSE Linux Monitoring NISPOM NIST NIST 800-53 POA&M Risk assessment Risk Assessment Report Risk management RMF SAP SCTM Security Clearance SRTM System Security Plan Top Secret Windows
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs