Information Systems Security Manager

Oklahoma City, OK

Posted: 05/10/2022
Industry: Security Engineer
Job Number: JN -022022-14153
Division: Government/DOD

Job Description

Information System Security Manager

Salary: $110k-130k/Yr.
Location: Oklahoma City, OK (Tinker AFB)
Industry: Department of Defense
Clearance: Active Top Secret (SCI preferred)

Required Qualifications:

  • The senior candidate shall have 10 years of experience in the related field.
  • The candidate shall have the appropriate DoD 8570 Information Assurance Management certification
    level, including Security+ Level 2, and CISSP Level 3 or equivalent certifications, and 3-5 years of classified
    information systems experience (at a minimum journeyman skill level) to develop and implement DoD
    security controls.
  • Must have senior level industry experience demonstrating and practicing their knowledge, skills, and abilities in
    Information Systems Security.
  • Experience with Risk Management Framework (RMF) certification packages.
  • Must possess an active Top Secret security clearance, current within five (5) years, based upon a T5 or T5R
    investigation (formerly known as Single Scope Background Investigation (SSBI) or SSBI Periodic Review).
  • Must have 12 months or more of experience in a SAP environment within the last five (5) years.
  • Must be eligible for Sensitive Compartmented Information (SCI) and Special Access Programs (SAP) access.
  • Sustain and update the formal IS security program as needed with the Government ISSM.
  • Implement and enforce IS security policies.
  • Review and endorse all IS assessment and authorization support documentation packages.
  • Advise, provide guidance, and assist the IT/IA team to ensure compliance with established IS policies and procedures.
  • Review weekly bulletins and advisories that impact security of site information systems to include AFCERT, ACERT, NAVCIRT, IAVA, and DISA ASSIST bulletins.
  • Ensure that periodic testing (monthly for PL-5 systems) is conducted to evaluate the security posture of the ISs by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs).
  • Ensure that all ISSOs receive the necessary technical (e.g., operating system, networking, security management, SysAdmin) and security training (e.g., ND-225 or equivalent) to carry out their duties.
  • Advise ISSOs concerning the levels of concern for confidentiality, integrity, and availability of the data, and the protection levels for confidentiality for the system.
  • Ensure the development of system assessment and authorization documentation by reviewing and endorsing such documentation and recommending action to the DAO/SCA.
  • Ensure approved procedures are in place for clearing, purging, declassifying, and releasing system memory, media, and output.
  • Maintain, as required by the DAO/SCA, a repository for all system assessment and authorization documentation and modifications.
  • Coordinate IS security inspections, tests, and reviews.
  • Investigate and report (to the DAO/SCA and local management) security violations and incidents, as appropriate.
  • Ensure proper protection and corrective measures have been taken when an IS incident or vulnerability has been discovered.
  • Ensure data ownership and responsibilities are established for each IS, to include accountability, access and special handling requirements.
  • Ensure development and implementation of an effective IS security education, training, and awareness program.
  • Ensure development and implementation of procedures in accordance with configuration management (CM) policies and practices for authorizing the use of hardware/software on an IS. Any changes or modifications to hardware, software, or firmware of a system must be coordinated with the ISSM/ISSO and appropriate approving authority prior to the change.
  • Develop procedures for responding to security incidents, and for investigating and reporting (to the DAO/SCA and to local management) security violations and incidents, as appropriate.
  • Serve as a member of the configuration management board, where one exists (however, the ISSM may elect to delegate this responsibility to the ISSO.)
  • Have a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
  • Access only that data, control information, software, hardware, and firmware for which they are authorized access and have a need-to-know, and assume only those roles and privileges for which they are authorized.


