Information System Security Manager

Salary: $110k-130k/Yr.
Location: Oklahoma City, OK (Tinker AFB)
Industry: Department of Defense
Clearance: Active Top Secret (SCI preferred)

Required Qualifications:

• The senior candidate shall have 10 years experience in the related field
• The candidate shall have the appropriate DoD 8570 Information Assurance Management certification
  level, including Security+ Level 2, and CISSP Level 3 or equivalent certifications, and 3-5 years of classified
  information systems experience (at a minimum journeyman skill level) to develop and implement DoD
  security controls.
• Must have senior level industry experience demonstrating and practicing their knowledge, skills, and abilities in
  Information Systems Security.
• Risk Framework Management and Framework (RMF) certification packages experience
• Must Possess an active Top Secret security clearance, current within five (5) years, based upon a T5 or T5R
  investigation (formerly known as Single Scope Background Investigation (SSBI) or SSBI Periodic Review
  (SBPR)).
• Must have 12 months or more of experience in a SAP environment within the last five (5) years.
• Must be eligible for Sensitive Compartmented Information (SCI) and Special Access Programs (SAP) access.

• Sustain and update the formal IS security program as needed with the Government ISSM.
• Implement and enforce IS security policies.
• Review and endorse all IS assessment and authorization support documentation packages.
• Advise, provide guidance, and assist the IT/IA team to ensure compliance with established IS policies and procedures.
• Review weekly bulletins and advisories that impact security of site information systems to include AFCERT, ACERT, NAVCIRT, IAVA, and DISA ASSIST bulletins.
• Ensure that periodic testing (monthly for PL-5 systems) is conducted to evaluate the security posture of the ISs by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs).
• Ensure that all ISSOs receive the necessary technical (e.g., operating system, networking, security management, SysAdmin) and security training (e.g., ND-225 or equivalent) to carry out their duties.
• Advise ISSOs concerning the levels of concern for confidentiality, integrity, and availability of the data, and the protection levels for confidentiality for the system.
• Ensure the development of system assessment and authorization documentation by reviewing and endorsing such documentation and recommending action to the DAO/SCA.
• Ensure approved procedures are in place for clearing, purging, declassifying, and releasing system memory, media, and output.
• Maintain, as required by the DAO/SCA, a repository for all system assessment and authorization documentation and modifications.
• Coordinate IS security inspections, tests, and reviews.
• Investigate and report (to the DAO/SCA and local management) security violations and incidents, as appropriate.
• Ensure proper protection and corrective measures have been taken when an IS incident or vulnerability has been discovered.
• Ensure data ownership and responsibilities are established for each IS, to include accountability, access and special handling requirements.
• Ensure development and implementation of an effective IS security education, training, and awareness program.
• Ensure development and implementation of procedures in accordance with configuration management (CM) policies and practices for authorizing the use of hardware/software on an IS. Any changes or modifications to hardware, software, or firmware of a system must be coordinated with the ISSM/ISSO and appropriate approving authority prior to the change.
• Develop procedures for responding to security incidents, and for investigating and reporting (to the DAO/SCA and to local management) security violations and incidents, as appropriate.
• Serve as a member of the configuration management board, where one exists (however, the ISSM may elect to delegate this responsibility to the ISSO.)
• Have a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Access only that data, control information, software, hardware, and firmware for which they are authorized access and have a need-to-know, and assume only those roles and privileges for which they are authorized

EOE/ADA

#clearance