Information Systems Security Manager (ISSM) for SciTec in Boulder, CO (Est. salary $99,299 per year)
SciTec has an immediate opportunity for a talented Information Systems Security Manager (ISSM). The ISSM will be responsible the accreditation and administration of a secure computing environment, both leading the implementation of technical security controls and spearheading coordination with accrediting and assessing agencies. The ISSM will need to work well in a team environment with a commitment to ensure security awareness and techniques are communicated effectively across the workforce. SciTec is searching for a candidate who will thrive in an environment where they are both expected to take the initiative to solve problems and empowered to see problems through to their conclusion.
- Leading the development, maintenance, and evaluation Information System (IS) security documentation, including System Security Plans (SSPs), Continuity of Operations Plans (COOPs), and Standard Operating Procedures (SOPs).
- Conducting cybersecurity controls assessments in accordance with applicable regulatory guidance, including NIST 800-53, NIST 800-37, NIST 800-60, and DoD 8500.01. Managing Plans of Actions and Milestones (POA&M) originating from these assessments.
- Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application (eMASS) to support security control implementation during the monitoring phase.
- Develop and execute a Continuous Monitoring program for information systems in accordance with NIST 800-53
- Ensure that selected security controls are implemented and operating as intended during all phases of the Information System (IS) lifecycle and RMF process
- Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis.
- Conduct required IS vulnerability scans according to risk assessment parameters.
- Continuously evaluating system security posture, identifying opportunities for improvement, and supporting the implementation of these improvements.
- Supporting the local SciTec Facility Security Officer (FSO) in ensuring the physical protection of information technology systems, including supporting the deployment of physical security measures such as intrusion detection systems.
- Contribute to Cybersecurity Maturity Model Certification (CMMC) and NIST SP 800-171 which may include authoring policy and procedure, capturing artifacts, and working related projects.
- Contributing to other corporate security and information assurance activities throughout the company with System Administrators, Security, and other stakeholders.
- Successful candidates will have strong written and communication skills to maintain a relationship with government counterparts and other mission partners.
- Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner
- At least two years serving as an Information System Security Officer or Manager at a cleared facility.
- Familiarity with the use and operation of DISA SCAP and STIGViewer tools.
- Is technical lead for the Risk Management Framework (RMF) package creation and compliance.
- Other duties as assigned
- Candidates must have an active Secret government security clearance.
- 2 years of experience specifically supporting the compliance of government or contractor information technology systems under the oversight of the DoD or the Intelligence Community.
- 4 year degree in Information Technology, Cybersecurity, Computer Science or other related field
- Ability to evaluate effectiveness, suitability, survivability, and interoperability of systems, relating to cybersecurity and provide key feedback to improve the overall cybersecurity posture.
- Ability to research and develop solutions to emerging cyber threats.
- Proficient with Microsoft Word, Microsoft Excel, and OneDrive.
- Self-starter with ability to work independently.
- Ability to understand, explain, interpret, and apply rules, regulations, directives, and procedures.
- Detail oriented
- Good verbal and written communication skills
Candidates who have one or more of the following skills will be preferred
- An active TOP SECRET clearance.
- A CISSP (or CISSP Associate) certification, or an alternate qualifying certification satisfying DoD 8570.01M requirements for an Information Assurance Technician Level III or an Information Assurance Manager Level II.
- Prior successful experience as an ISSM.
- Prior experience with NIST 800-171, NIST 800-53 (both DIACAP 8500.2 and Risk Management Framework), and Continuous Monitoring and Risk Scoring (CMRS).
- Experience working with the ELK stack.
- Experience with Azure, AWS, or similar cloud environments.
- Have experience with VMware or other virtualization software.
- Experience administering the system functions including security policies and account management of Microsoft Windows and Server as well as Linux/Unix-based systems.
- Incident response and reporting experience.
For more info.: https://theucf.info/TuRxEh