Information Systems Security Manager (ISSM)

Boulder, Colorado, United States

Full Time | Mid-level / Intermediate | Clearance required | USD 150K+

SciTec

The world brings problems; SciTec builds solutions. Our team is committed to delivering cutting-edge advancements for defense, security, and civil affairs.


SciTec has been awarded multiple government contracts and is growing our creative Team! SciTec, Inc. is a dynamic small business with the mission to deliver advanced sensor data processing technologies and scientific instrumentation capabilities in support of National Security and Defense. We support customers throughout the Department of Defense and U.S. Government in building innovative new tools to deliver unique world-class data exploitation capabilities.

SciTec has an immediate opportunity for a talented Information Systems Security Manager (ISSM). The ISSM will be responsible for the accreditation and administration of a secure computing environment, both leading the implementation of technical security controls and spearheading coordination with accrediting and assessing agencies. The ISSM will need to work well in a team environment with a commitment to ensure security awareness and techniques are communicated effectively across the workforce. SciTec is searching for a candidate who will thrive in an environment where they are both expected to take the initiative to solve problems and empowered to see problems through to their conclusion.

Responsibilities

  • Leading the development, maintenance, and evaluation of Information System (IS) security documentation, including System Security Plans (SSPs), Continuity of Operations Plans (COOPs), and Standard Operating Procedures (SOPs).
  • Conducting cybersecurity controls assessments in accordance with applicable regulatory guidance, including NIST 800-53, NIST 800-37, NIST 800-60, and DoD 8500.01. Managing Plans of Actions and Milestones (POA&M) originating from these assessments.
  • Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application (eMASS) to support security control implementation during the monitoring phase.
  • Develop and execute a Continuous Monitoring program for information systems in accordance with NIST 800-53.
  • Ensure that selected security controls are implemented and operating as intended during all phases of the Information System (IS) lifecycle and RMF process.
  • Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis.
  • Conduct required IS vulnerability scans according to risk assessment parameters.
  • Continuously evaluating system security posture, identifying opportunities for improvement, and supporting the implementation of these improvements.
  • Supporting the local SciTec Facility Security Officer (FSO) in ensuring the physical protection of information technology systems, including supporting the deployment of physical security measures such as intrusion detection systems.
  • Contribute to Cybersecurity Maturity Model Certification (CMMC) and NIST SP 800-171, which may include authoring policies and procedures, capturing artifacts, and working on related projects.
  • Contributing to other corporate security and information assurance activities throughout the company with System Administrators, Security, and other stakeholders.
  • Successful candidates will have strong written and communication skills to maintain a relationship with government counterparts and other mission partners.
  • Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner.
  • At least two years serving as an Information System Security Officer or Manager at a cleared facility.
  • Familiarity with the use and operation of DISA SCAP and STIGViewer tools.
  • Is technical lead for the Risk Management Framework (RMF) package creation and compliance.

Requirements

  • Candidates must have an active Secret government security clearance.
  • 2 years of experience specifically supporting the compliance of government or contractor information technology systems under the oversight of the DoD or the Intelligence Community.
  • 4-year degree in Information Technology, Cybersecurity, Computer Science, or other related field.
  • Ability to evaluate effectiveness, suitability, survivability, and interoperability of systems, relating to cybersecurity and provide key feedback to improve the overall cybersecurity posture.
  • Ability to research and develop solutions to emerging cyber threats.
  • Proficient with Microsoft Word, Microsoft Excel, and OneDrive.
  • Self-starter with ability to work independently.
  • Ability to understand, explain, interpret, and apply rules, regulations, directives, and procedures.

Candidates who have one or more of the following skills will be preferred:

  • An active TOP SECRET clearance.
  • A CISSP (or CISSP Associate) certification, or an alternate qualifying certification satisfying DoD 8570.01M requirements for an Information Assurance Technician Level III or an Information Assurance Manager Level II.
  • Prior successful experience as an ISSM.
  • Prior experience with NIST 800-171, NIST 800-53 (both DIACAP 8500.2 and Risk Management Framework), and Continuous Monitoring and Risk Scoring (CMRS).
  • Experience working with the ELK stack.
  • Experience with Azure, AWS, or similar cloud environments.
  • Experience with VMware or other virtualization software.
  • Experience administering the system functions including security policies and account management of Microsoft Windows and Server as well as Linux/Unix-based systems.
  • Incident response and reporting experience.

Benefits

SciTec offers a highly competitive salary and benefits package, including:

  • 3% Fully Vested Company 401K Contribution (no employee contribution required)
  • 100% company paid HSA Medical insurance, with a choice of 2 buy-up options
  • 80% company paid Dental insurance
  • 100% company paid Vision insurance
  • 100% company paid Life insurance
  • 100% company paid Long-term Disability insurance
  • Short-term Disability insurance
  • Annual Profit-Sharing Plan
  • Discretionary Performance Bonus
  • Paid Parental Leave
  • Generous Paid Time Off, including Holiday, Vacation, and Sick Pay
  • Flexible work hours

The pay range for this position is $83,00 to $150,000. SciTec considers several factors when extending an offer of employment, including but not limited to the role and associated responsibilities, a candidate's work experience, education/training, and key skills. This is not a guarantee of compensation.

SciTec is committed to hiring and retaining a diverse workforce and is proud to be an Equal Opportunity/Affirmative Action employer.


Tags: AWS Azure CISSP Clearance Cloud CMMC Compliance Computer Science DIACAP DoD DoDD 8570 ELK Governance Incident response Intrusion detection Linux Monitoring NIST Risk assessment Risk management SCAP Security Clearance System Security Plan Top Secret Top Secret Clearance UNIX VMware Vulnerability scans Windows

Perks/benefits: 401(k) matching Competitive pay Flex hours Flex vacation Health care Insurance Medical leave Parental leave Salary bonus Team events

Regions: North America South America
Country: United States
Category: Leadership Jobs