Information System Security Manager

*** As required by our governmental client, this position requires being a U.S. Citizen******

Develop, implement, and manage security programs in compliance with NISPOM, RMF, and other federal requirements. Oversee personnel, physical, and cybersecurity; conduct audits, inspections, training, and investigations; and maintain classified systems and COMSEC accountability. Provide classification guidance, risk management, and emergency response while liaising with government agencies and senior management to ensure compliance, continuous monitoring, and program effectiveness.

Compensation & Benefits:

Estimated Starting Salary Range for Information System Security Manager (ISSM): $130k- $150k

Pay commensurate with experience.

Full-time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided. Benefits are subject to change with or without notice.

Information System Security Manager (ISSM) Responsibilities Include:

• Develop and revise security plans and procedures utilizing the 32 CFR Part 117 National Industrial Security Operating Manual (NISPOM), DoD Special Access Program Security Manual, as well as any other specific programmatic instruction manuals.

• Interpret and enforce Government and company policies as well as provide direction and guidance to employees.

• Provide prime/subcontractor security support and direction, including the development and maintenance of DD254's and security guidance.

• Provide classification guidance to employees, develop and provide security education and awareness training, conduct security briefings, lead security self-inspections and audits, and investigate security incidents.

• Provide security guidance and education to company personnel and advise Senior Management

• Conduct investigations of non-compliance with government and company regulations

• Write comprehensive investigation, adverse information, suspicious contacts, violation, infraction or administrative inquiry reports

• Develop and implement improved methods of inspection preparation, audits, and analysis of the security function to determine performance and cost effectiveness

• Lead Government Security reviews as well as any internal Security audits

• Conduct formal self-inspections, overseeing the implementation/completion of corrective action plans

• Conduct general and program-specific briefings

• Establish and maintain physical security systems, plant protection, contingency plans and emergency response through collaboration with Business Continuity and Physical Security Managers

• Incident commander for all site security emergency events

• Support to other security disciplines within the organization to include: Personnel Security, Physical Security, Special Programs, Document Control and Visitor Control

• Responsible for supporting adherence to all aspects of a rigorous Risk Management Framework (RMF) compliance program as stipulated by NISPOM/DAAPM, JSIG, ICD 503, NSA, and associated NIST publications.

• To obtain and maintain Authority to Operate (ATO) approvals for an information system by adhering to the Risk Management Framework (RMF).

• Supports cybersecurity efforts throughout the RMF process for one or more assigned programs(s) to include the development and management of System Security documentation, Plans of Action and Milestones (POA&Ms), assessing and auditing systems security controls, and continuous monitoring of controls.

• Interface with program managers and maintain strong relationships with Defense Counterintelligence & Security Agency (DCSA), National Security Agency (NSA) and US Government Security customers

• Ensure the requirements of the NSA/CSS Policy Manual 3-16 and other applicable manuals / OPORDS are implemented, and compliance is maintained

• Interface with program managers and maintain liaison with US Government Program Security Officers.

• Complete annual COMSEC keying of Taclanes and/or Vipers prior to their supersession date

• Complete/submit NSA-initiated semi-annual inventories prior to the given deadline and maintain DIAS to reflect the current inventory

• Provide oversight for all classified systems compliance, and ensure the execution of our strong self-inspection program.

• Ensure all security certification and accreditation documents in relation to all classified systems are up-to-date.

• Ensure continuous monitoring (e.g. weekly, monthly, etc.) in accordance with cognizant security authority requirements are being implemented and met.

• Performs other job-related duties as assigned.

Information System Security Manager (ISSM) Experience, Education, Skills, Abilities requested:

• 6 or more years of relevant security-related work experience applicable to the position and a minimum of a high school diploma
• Ability to exercise discretion and independent judgement while complying with policies, procedures, appropriate principles and applicable state and federal laws and regulations.
• Highly proficient in written and verbal communication skills with emphasis on clear and cogent presentation of complex information.
• Demonstrated knowledge of 32 CFR Part 117 NISPOM
• Ability to solve complex decisions independently
• Ability to manage time, make sound decisions, take independent action, analyze problems, and provide focused solutions.
• IAM Level II certification commensurate with DoD 8570.1M requirements
• ISSM or relevant cybersecurity experience
• High level of personal motivation and initiative to learn and acquire new skills, and adapt seamlessly to an ever-changing security environment
• Strong organizational skills
• Able to interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), program personnel and government security representatives.
• Knowledge and ability to operate multiple Key loading devices (SKL, DTD, RASKL) STE and ViPer phones.
• Coordinate security-related activities with information security architects, senior information security officers, information system owners, common control providers, and information system security officers
• Experience with eMASS and the ability to develop required Authorization to Operate (ATO) documentation including System Security Plans, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, and Configuration Management Plans.
• Experience with the review and creation of mitigation reports from compliance and vulnerability scanning tools (Nessus, SCAP, SPLUNK).
• Experience with auditing and certifying compliance of various systems (Windows, Linux, Network Devices and peripherals).
• Experience with the development and delivery of IA-related briefings and training material.
• Experience with compliance and vulnerability scanning tools (Nessus, SCAP, SPLUNK).
• Experience with the review and creation of mitigation reports from compliance and vulnerability scanning tools (Nessus, SCAP, ACAS, SCC).
• Previous experience as an FSO and/or ISSM or Department of Defense Security Manager
• Facility Security Officer Program Management for Possessing Facilities Certificate (via CDSE)
• Demonstrate working knowledge of the DoD SAP Manuals & ICD series manuals.
• Experience with DISS, NISS, SIMs, and eMASS
• Run and maintain the entire information assurance program for more complex efforts or area
• Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Translate operational requirements into technical requirements and architectures needed to meet program objectives
• Experience with conducting all aspects of a self-inspection
• Experience with periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and integrity scans to determine compliance
• Prepared incident reports of analysis methodology and results
• Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
• Employ best practices when implementing security controls within an information system including; software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques
• Ability to function as an integral part of the development team to include designing and developing organizational information systems or upgrading legacy systems

• Must pass the pre-employment qualifications of Cherokee Federal.

Company Information:

Cherokee Nation Integrated Health (CNIH) is a part of Cherokee Federal - the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government's mission with compassion and heart. To learn more about CNIH, visit cherokee-federal.com.

#CherokeeFederal #LI-SH1 #LI-REMOTE

Cherokee Federal is a military-friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.

Similar searchable job titles:

• Information Systems Security Officer (ISSO)

• Cybersecurity Manager

• Security Control Assessor (SCA)

• Information Assurance Manager (IAM)

• IT Security Manager

Keywords:

• Risk Management Framework (RMF)

• Compliance

• System Authorization (ATO)

• Cybersecurity Controls

• Continuous Monitoring

Legal Disclaimer: All qualified applicants will receive consideration for employment without regard to protected veteran status, disability or any other status protected under applicable federal, state or local law. Many of our job openings require access to government buildings or military installations. Candidates must pass the pre-employment qualifications of Cherokee Federal.

Please Note: This position is pending a contract award. If you are interested in a future with Cherokee Federal, APPLY TODAY! Although this is not an approved position, we are accepting applications for this future and anticipated need.