Information Systems Security Manager (ISSM)

Woburn, Massachusetts, United States

Applications have closed

Scientific Systems Company, Inc.

The Information Systems Security Manager (ISSM) will perform work for multiple Department of Defense (DoD) programs. This position can be either Specials or Collateral. The ISSM will work under the direction of the Cybersecurity Compliance Team Lead. The successful candidate must be knowledgeable about information technology and security principles. This is a multi-tasking environment that demands customer service, communication, and organizational skills.

Responsible for supporting adherence to all aspects of a rigorous Risk Management Framework (RMF) compliance program as stipulated by NISPOM/DAAPM, JSIG, ICD 503, STIGs and associated NIST publications.

Obtain and maintain Authority to Operate (ATO) approvals for various systems by adhering to the Risk Management Framework (RMF). This position supports cybersecurity efforts throughout the RMF process for one or more assigned program(s), including the development and management of System Security documentation and Plans of Action and Milestones (POA&Ms), assessing and auditing system security controls, and continuous monitoring of controls.

Because of the need for consistent, in-person collaboration and/or the requirement to perform all work onsite due to the nature of this particular role, it will be performed full-time on site.

SSCI is a leading developer of advanced technologies for mission planning and autonomy for the Aerospace and Defense industries. Founded in 1990 and based in Woburn, MA, SSCI invents disruptive technologies, develops revolutionary solutions, and builds trusted products for our customers’ most challenging missions. SSCI focuses on the creation of AI/ML-enabled capabilities to command, control, communicate with, and manage composable collections of intelligent agents, smart sensors, and autonomous platforms across all domains.

*This position requires U.S. Citizenship and active U.S. Dept. of Defense TS/SCI Clearance.

Responsibilities

  • Develop and maintain a formal IS security program and policies for their assigned area of responsibility
  • Provide technical and procedural Information System (IS) Security advice to government and industrial teams
  • Develop and oversee operational information systems security implementation policy and guidelines
  • Coordinate with PSO or cognizant security official on approval of External Information Systems (e.g. guest systems, interconnected system with another organization)
  • Oversee ISSOs under their purview to ensure they follow established IS policies and procedures
  • Assume ISSO responsibilities in the absence of the ISSO; maintain required IA certifications
  • Ensure System Administrators (SA) monitor all available resources that provide warnings of system vulnerabilities or ongoing attacks
  • Ensure all ISSOs receive the necessary technical and security training (e.g., operating system, networking, security management) to carry out their duties
  • Ensure approved procedures are used for sanitizing and releasing system components and media
  • Maintain a repository of all security authorizations for IS under their purview
  • Coordinate IS security inspections, tests, and reviews
  • Ensure proper measures are taken when an IS incident or vulnerability is discovered
  • Ensure data ownership and responsibilities are established for each IS, and specific requirements (to include accountability, access and special handling requirements) are enforced
  • Ensure development and implementation of an effective IS security education, training, and awareness program
  • Ensure CM policies and procedures for authorizing the use of hardware/software on an IS are followed. Any additions, changes or modifications to hardware, software, or firmware must be coordinated with the appropriate AO prior to the addition, change or modification
  • Serve as a voting member of the Configuration Control Board (CCB) and/or the Risk Executive Board, if applicable. The ISSM shall have authority to veto any proposed change they feel is detrimental to security. Appeals on an ISSM/ISSO veto may be taken to the AO. The ISSM may elect to delegate this responsibility to the ISSO
  • Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures
  • Manage, maintain, and execute the information security continuous monitoring plan
  • Ensure a record is maintained of all security-related vulnerabilities and ensure serious or unresolved violations are reported to the AO/DAO
  • Assess changes to the system, its environment, and operational needs that could affect the security authorization
  • Develop concept of operations for new systems
  • Ensure SAP facilities are built to ICD-705 or O-5205.07, Volume 3 specifications
  • Work with industry partners to ensure physical security measures are met and compliant with applicable DoD policy
  • Conduct annual and biannual physical self-inspections
  • Coordinate with local CPSO and FSO for any updates or changes to the current facility

Requirements

  • Bachelor's degree with a minimum of 3 years' experience, or a Master's degree with 2 years' relevant experience, or an associate's degree with a minimum of 6 years' relevant experience
  • Currently possesses Security+ certification
  • Five (5) years' experience in Special Access Programs, with particular experience in the computer and physical security disciplines and the administration/implementation of Joint Air Force-Army-Navy (JAFAN) 6/0, 6/3, 6/4, and 6/9
  • Experience in SAP and Collateral Information Systems (IS) Security
  • Meets DoD 8570.1 Certification Requirements as an IA Technical Category II (for system and network administrators)
  • Experience controlling, labeling, virus scanning, auditing tools, and secure data transfer between information systems
  • Demonstrated knowledge and use of the following regulations: JAFAN 6/0; JAFAN 6/3; DCID 6/3; Joint DoDIIS/Cryptologic SCI Information Systems Security Standards; DoD 5105.21 M-1, Sensitive Compartmented Information Administrative Security Manual; AFMAN 14-304, The Security, Use and Dissemination of Sensitive Compartmented Information; ICD 503 Regulations (Computer Security); and knowledge of "New" Risk Management Framework (RMF) processes
  • Proficiency with DoD O-5205.07, Volume 3; ICD-705; and applicable DoD physical security manuals and directives
  • Knowledge of databases, spreadsheets and report writing
  • Active TS/SCI Security Clearance based upon an SSBI within the last five years

Benefits

Salary is competitive with market rates, with annual bonus awards based on company and individual performance. SSCI benefits package includes 401K, Health/Life/Disability Insurance.

Tags: Audits Clearance Compliance DAAPM DoD DoDD 8570 ICD 503 Industrial Monitoring NISPOM NIST Risk management RMF SAP Security Clearance STIGs TS/SCI Vulnerabilities

Perks/benefits: 401(k) matching Competitive pay Health care Insurance Salary bonus

Region: North America
Country: United States