Information System Security Manager
Joint Base Anacostia-Bolling (JBAB), DC
SRG Government Services is a leading provider of information technology, training, engineering, accounting and intelligence analytical services for agencies in the intelligence, defense, homeland security, cyber security, and federal civilian markets. SRG utilizes an innovative approach to identify and qualify talent that is unique to the federal contracting industry, featuring a cutting edge platform that allows us to rapidly and precisely match professionals to client requirements. We have a proprietary database of over one million candidates and maintain continuous contact with our qualified talent.
Title: Information System Security Manager (ISSM) TS/SCI
Location: Joint Base Anacostia-Bolling (JBAB)
Industry: Department of Defense
The primary function will be to manage and work with Special Access Programs (SAPs) supporting Department of Defense (DOD), Headquarters United States Air Force operations. The position will provide leadership for "day-to-day" direct end user support for Collateral, Sensitive Compartmented Information (SCI), and Special Access Program (SAP) networks. This position will be located at Joint Base Anacostia-Bolling (JBAB).
- You will establish, document, and monitor security programs while overseeing the implementation plans and ensuring compliance with DOE management policies.
- Candidates must possess a working knowledge of cyber security policies and technical cyber security protection measures.
- You will also serve as the authorizing officer for all cyber security issues.
- You will conduct periodic scans to verify networks and systems are appropriately baselined with tested and approved system and application patches, hotfixes and updates.
- Continually evaluate the security posture of all networks and systems, including making recommendations for implementing new security controls as new threats and vulnerabilities are discovered.
- Create, log and control all customer requests and transactions for data transfers between systems (e.g. Compact Disks (CD) and other high-capacity media, scanning documents, etc.).
- Ensure the following activities are required and completed on a periodic basis (e.g. ensuring data is backed up, account management (deactivating unused accounts and validating user access rights), participating in the Systems Development Life Cycle (SDLC)).
- Evaluate all new software and hardware products for potential security flaws and risks.
- Immediately notify the Information Systems Security Manager (ISSM) of all security-relevant issues, findings and potential risks associated with any Information System (IS).
- Periodically review and analyze audit logs for system deficiencies and anomalies using audit reduction tools.
- Prepare, update and maintain RMF documentation such as, but not limited to, Authorization to Operate (ATO) packages, System Security Plans (SSP), Risk Assessment Reports (RAR), Security Control Traceability Matrixes (SCTM) and Plan of Actions and Milestones (POA&Ms) for all networks and systems.
- Provide Configuration Management (CM) for IS security software, hardware and firmware, and coordinate changes and modifications with the ISSM, SCA and Authorizing Official (AO).
- Work closely with Security Control Assessors (SCA) to determine effectiveness of current security controls and a path forward to implement future security controls, where potential weaknesses might exist.
- Bachelor of Science Degree (Desired).
- 4 years' or equivalent work experience will be considered in lieu of degree.
- 8+ years of related technical experience.
- Firm understanding of the following:
- DoD 8500.1-M.
- Experience with DoD Special Access Programs (SAP) (Desired).
- Joint SAP Implementation Guide (JSIG).
- National Institute of Standards and Technology (NIST) Special Publication 800-53.
- Risk Management Framework (RMF).
- One of the following Department of Defense Directive (DoDD) 8140 for Information Assurance Technical (IAT) Level 3 certifications:
- CASP CE
- CISSP (or Associate)
- Computer Environment (CE) from an OS (e.g. Microsoft, Cisco, etc.).
- Assured Compliance Assessment Solution (ACAS).
- Host Based Security System (HBSS).
- Awarded work with the Prime Contractor.
- Opportunity with a major Government Defense contractor. Clearly defined career path.
- TS/SCI Clearance