Information System Security Manager
Role details
Job location
Tech stack
Job description
The ISSM will adhere to all requirements as stated in the 32 CFR Part 117 NISPOM Rule, National Industrial Security Program Operating Manual (NISPOM, DoD 5220.22-M) and the Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM) The ISSM shall liaise directly with the assigned DCSA ISSP to ensure full and timely compliance with government directives and regulations The ISSM shall assist the Facility Security Officer (FSO) in the effective implementation, assessment, and management of the PSC Security Program The ISSM reports security issues to the FSO and the Insider Threat Program Senior Official (ITPSO) as applicable Establishes, documents, implements, and monitors the Information System (IS) hardware, software, security program, System Security Plans (SSPs), security education, awareness, and training activities for facility management, IS personnel, users, and others, as appropriate Coordinates IS security program with the Corporate ISSM and Information System Security Officers (ISSOs) in addition to other facility ISSMs and ISSOs Prepares and implements security documentation, and monitors the IS Security Program and related procedures to ensures facility compliance with requirements for IS Identifies and documents unique local threats and vulnerabilities; makes recommendation to risk management status and reports threat indicators into the Insider Threat process Ensures that periodic self-inspections of the facility's IS security program and accredited systems are conducted as part of the overall facility self-inspection program and that corrective action is taken for all identified findings and vulnerabilities; self-inspections are to ensure that the accredited system is operating as accredited and that accreditation conditions have not changed Develops and implements Incident Response plans, vulnerability assessments, and maintenance procedures Designates and manages the training, certification and oversight responsibilities of assigned ISSOs as applicable Monitors and provides guidance on Information Assurance and IS Security Awareness to employees through scheduled briefings, training and Monthly IS Security Newsletter Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
Requirements
Must possess or be willing to obtain CISSP and applicable certifications supporting DoD Directive 8570 Experience with or have worked as one or more of the following: Information Systems Security Manager (ISSM), Information System Security Officer (ISSO), Linux administrator (Linux +), Windows administrator (all OS(s) including legacy systems), Systems Administrator, Information System Auditor, Data Security Analyst, Network Control Technician Experience with ISFO and RMF process Experience with Linux and Networking DESIRED SKILLS & REQUIREMENTS: Industrial Security Program experience Active DoD Security clearance Experience with RMF and Compliance for system compliance CISSP certification Experience with NIST 800-53 r4 Project Management and Leadership Excellent written and verbal communication skills Familiarity with OBMS and EMASS Experience implementing DISA STIGs Knowledge of SIPRNet operations at the small enclave level