Information Systems Security Manager (ISSM) III

Gtangible Corporation

The Role

Overview

Senior ISSM managing RMF and SAP security for DoD systems

Key Responsibilities

  • authorization docs
  • risk assessment
  • security assessment
  • configuration management
  • incident response
  • training program

Tasks

-Maintain a and/or applicable repository for all system authorization documentation and modifications.
-Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling requirements.
-Ensure all authorization documentation is current and accessible to properly authorized individuals.
-Develop Assured File Transfers (AFT) in accordance with the JSIG.
-Coordinate with PSO or cognizant security official on approval of external information systems (e.g., guest systems, interconnected system with another organization).
-Develop policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents.
-Establish and develop a self-inspection program within the organization Performance elements.
-Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media.
-Review AIS assessment plans.
-Develop and execute security assessment plans that include verification that the features and assurances required for each protection level are functioning.
-Ensure that authorization is accomplished a valid Authorization determination has been given for all authorization boundaries under your purview.
-Participate in the strategic planning and implementation of the Cyber Security Program.
-Evaluate authorization documentation and provide written recommendations for authorization to government PMs.
-Provide leadership, mentoring, and quality assurance for Cyber Security and Information Technology team members.
-Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system.
-Institute and implement a Configuration Control Board (CCB) charter.
-Assess changes in the system, its environment, and operational needs that could affect the authorization.
-Ensure that system recovery and reconstitution processes are developed and monitored to ensure that the authorization boundary can be recovered based on its availability level determination.
-Advise government program managers on security testing methodologies and processes.
-Ensure periodic testing is conducted to evaluate the security posture of IS by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs).
-Lead, cultivate and maintain productive working relationships with other DoD agencies managers, data stewards, and senior leadership to foster a productive and positive cyber security profile.
-Develop and implement a security assessment plan.
-Periodically review system security to accommodate changes to policy or technology.
-Provide expert input to the formulation of cyber security policies based upon the Risk Management Framework (RMF) with emphasis on Joint Special Access Program Implementation Guide (JSIG) authorization process.
-Conduct periodic assessments of the security posture of the authorization boundaries.
-Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed.
-Develop and maintain a formal Information Systems Security Program.
-Develop, review, endorse, and recommend action by the AO or DAO of system assessment documentation.
-Ensure that all IAOs, network administrators, and other cyber security personnel receive the necessary technical and security training to carry out their duties.
-Ensure that system security requirements are addressed during all phases of the system life cycle.
-Coordinate all technical security issues outside of area of expertise or responsibility with ISSE.
-Perform risk assessments and make recommendations to DoD agency customers.
-Provide expert research and analysis in support of expanding programs and area of responsibility as it pertains to cyber security and information technologies activities.
-Ensure configuration management (CM) for security-relevant changes to software, hardware, and firmware and that they are properly documented.
-Advise customer on Risk Management Framework (RMF) assessment and authorization issues.
-Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local cyber security training.

Requirements

  • SAP
  • DoD
  • Master's
  • 10 years
  • IA cert
  • ISSO/ISSM

What You Bring

-Must have working knowledge of DoD, National and applicable service and agency security policy, manuals and standards.
-Minimum of 2 years of SAP experience required.
-Master's degree and 10 years of related experience or 16 years of related experience without a degree.
-Must be able to regularly lift up to 50 lbs.
-Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level 3 or Information Assurance Manager Level 3 within 6 months of the date of hire.
-Prior performance in roles such as ISSO or ISSM.

Benefits

-National Security Programs

The Company

About Gtangible Corporation

-Founded in 2009, began as a veteran-led firm combining military insight with agile support services.
-Registered as a service-disabled veteran-owned small business with Delaware incorporation and CAGE code for government contracting.
-Delivers national security programs, administrative/program management, and mission/warfighter support across CONUS and OCONUS.
-Over the past decade, secured multi-million-dollar contracts.
-Typical projects include information assurance, network defense, logistics, training development, and theater security cooperation.
-Expanded into international program support and energy-focused organizational development.
-Maintains small-business agility with big-agency impact.

Sector Specialisms

Information Systems Security

Information Assurance

Computer Network Defense

Network Engineering

Systems Administration

IT Customer Support

Communications Security

Physical Security

Industrial Security

Personnel Security

Program Protection

Operations Security

Special Access Programs

Program Management

Program Analysis

Administrative and Office Services

Procurement/Acquisition Support

Financial and Budgetary

Travel Management

Logistics and Maintenance

Training Development and Trainers

C4ISR

Intelligence, Counterintelligence (CI), and Counterterrorism (CT)

Collections

Targeting

Force Protection

Manpower Analysis

Medical Management and Planning

Medical/Health IT

Special Investigations

Risk Analysis

Exercise Planning

Theater Security Cooperation Analysis

Meteorological and Weather Planning

Security Clearance

-Must obtain Top Secret/SCI clearance with SAP eligibility.
-Consent for counterintelligence polygraph required.

Information Systems Security Manager (ISSM) III at Gtangible Corporation in Arlington, VA