Information System Security Manager (ISSM)

Arlington, VA, United States

Maximus

At the federal, state, and local level, we transform public policy into programs that change lives.

View company page

Job Description Summary

The Senior SAP Information Systems Security Manager (ISSM) is responsible for cybersecurity strategy and managing a team responsible for securing information systems. ISSMs develop and implement security policies and procedures, ensuring compliance with legal and regulatory standards. This role involves conducting risk assessments, managing incident response activities, and overseeing the deployment of security technologies. Senior ISSMs liaise with other directorates to align security measures with organizational objectives, provide training and awareness programs, and remain ahead of emerging cybersecurity threats and trends. The position integrates strategic planning, technical expertise, and leadership skills to effectively manage information security risks and maintain compliance with regulatory standards.This responsibility acts as technical advisors to AOs, are primarily responsible for maintaining the overall security posture of the systems within their organization and are accountable for the implementation of DoD 8510.01. The organization’s Cybersecurity program is developed by ISSMs that includes Cybersecurity architecture, requirements, objectives and policies, Cybersecurity personnel, and Cybersecurity processes and procedures. ISSMs are also in charge of the continuous monitoring of systems within their purview to ensure compliance with Cybersecurity policies. Moreover, ISSM responsibilities include (taken from DoDI 8500.01 and 8510.01).Key Job Functions:• Develop and Implement Security Policies • Establishes and maintains comprehensive information security policies and procedures in line with industry standards and regulatory requirements. • Collaborate with key stakeholders to ensure security engineering initiatives aligned with the operational needs within the SAP IT • Support the customer in researching, evaluating, planning, designing, engineering, and delivering cybersecurity solutions.• Experienced in one or more cloud computing services and technologies including but not limited to: AWS/C2S, Microsoft Azure, Nutanix, VMware. Identify technical problems before or after they occur and implements solutions that prevent them from reoccurring.• Provide guidance and oversight to SAP community defense contractors.Security Audits and Risk Management: • Conducts regular risk assessments to identify vulnerabilities and implement appropriate security measures to mitigate risks and reviews to assess the effectiveness of security controls and procedures. • Provide oversight of all Software Licenses, Configuration Changes and Plan of Action & Milestone (POA&M) • Maintain and report IS and PIT systems assessment and authorization status and issues in accordance with SAP IT & service component guidance. • Ensure implementation of IS security measures and procedures including reporting incidents to the AO and appropriate reporting chains and coordinating system-level responses to unauthorized disclosures in accordance with DoD Manual 5200.01, Volume 3 for classified information respectively.Compliance Management: • Ensures compliance with legal, regulatory, and organizational information security standards. • Coordinate with the organization's security manager to ensure issues affecting the organization's overall security are addressed appropriately. • Ensure that the Cyber workforce and third-party contractors are appointed in writing and provide oversight to ensure they are following established SAP IT Cybersecurity policies and procedures. • Ensure that Cybersecurity-related events or configuration changes that may impact SAP IT information systems authorizations or security posture are formally reported to the AO and other affected parties, such as IOs and stewards and AOs of interconnected DoD ISs• Ensure the secure configuration and approval of SAP IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or connection to an SAP IT system. Incident Response: • Assist with the development of processes and procedures to improve incident response times.• Identify and select best-in-class threat prevent tools and software for the SAP Ecosystem Leads the response to information security incidents, including investigation, documentation, and coordination with relevant stakeholders.Training and Awareness: • Develops, recommends, and delivers security awareness training programs to educate employees about information security best practices and policies.• Experience leading and mentoring junior level staff.Technology Evaluation: • Evaluates and recommends security enhancements and technology solutions to improve overall information system security.• Knowledge of coding languages, intrusion detection, operating systems, security planning and auditing, ethical hacking and other security, programming, and diagnostic tools • Develop and implement new security mechanisms for the SAP Ecosystem• Provide recommendations to the SAP Community on the latest vulnerabilities and identify remediation efforts.Team Leadership: • Interact with technical leads, developers, and system owners to ensure that all technical requirements are aligned with SAP guidance. • Demonstrate the ability to participate in cross-functional planning, coordination, and task execution situations involving the full spectrum of system integration activities.• Liaison between the various SAP directorates (Enterprise Architecture and Data) Leads and mentors a team of information security professionals, fostering a culture of continuous improvement and proactive security. • Experience leading and mentoring junior level staff.Reporting: • Ability to express complex technical concepts effectively, both verbally and in writing• Prepares and presents reports on the status of information security, highlighting areas of concern and proposing improvementsRequired Qualifications: • Active TS/SCI clearance.• A Bachelor's degree is required for this position. 4 years of relevant work experience may be considered in lieu of the degree requirement. An Associate's degree and 2 years of relevant work experience may also be considered in lieu of the degree requirement.• Minimum seven (7) years of demonstrable DoD or SAP security experience.• Must meet the DoD 8140 requirements• Cloud certification is a plus #techjobs #clearance #SAPCIO

Job Summary

Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS046, T4, Band 7

MAXIMUS Introduction

Since 1975, Maximus has operated under its founding mission of Helping Government Serve the People, enabling citizens around the globe to successfully engage with their governments at all levels and across a variety of health and human services programs. Maximus delivers innovative business process management and technology solutions that contribute to improved outcomes for citizens and higher levels of productivity, accuracy, accountability and efficiency of government-sponsored programs. With more than 30,000 employees worldwide, Maximus is a proud partner to government agencies in the United States, Australia, Canada, Saudi Arabia, Singapore and the United Kingdom. For more information, visit https://www.maximus.com.

EEO Statement

EEO Statement: Active military service members, their spouses, and veteran candidates often embody the core competencies Maximus deems essential, and bring a resiliency and dependability that greatly enhances our workforce. We recognize your unique skills and experiences, and want to provide you with a career path that allows you to continue making a difference for our country. We’re proud of our connections to organizations dedicated to serving veterans and their families. If you are transitioning from military to civilian life, have prior service, are a retired veteran or a member of the National Guard or Reserves, or a spouse of an active military service member, we have challenging and rewarding career opportunities available for you. A committed and diverse workforce is our most important resource. Maximus is an Affirmative Action/Equal Opportunity Employer. Maximus provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status.

Pay Transparency

Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.

Posted Max

USD $185,000.00/Yr.

Posted Min

USD $77,600.00/Yr.
Apply now Apply later
  • Share this job via
  • or

Tags: Audits AWS Azure Clearance Cloud Compliance DoD DoDD 8140 Ethical hacking Incident response Intrusion detection iOS Monitoring POA&M Risk assessment Risk management SAP Strategy TS/SCI VMware Vulnerabilities

Perks/benefits: Career development Health care Insurance Team events Transparency

Region: North America
Country: United States
Job stats:  6  0  0
Category: Leadership Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.