
Information System Security Manager (ISSM)

CWU, Inc.

Location: Tampa, FL 33607 (Carver City area)
Type: Full-Time, Non-Remote
Posted on: February 12, 2021
This job is no longer available from the source.
Job details
Job Type
Full-time
Number of hires for this role
1
Qualifications
• Bachelor's (Preferred)
• (related) Cyber Security: 5 years (Preferred)
• NIST 800-171 Compliance: 1 year (Preferred)
• US work authorization (Preferred)
• Top Secret (Preferred)
Full Job Description
Job Title: Information System Security Manager (ISSM)
Duty Location: Corporate Office/Tampa, Florida
JOB DESCRIPTION
The ISSM is responsible for applying Information System (IS) security principles, practices, and procedures under the Risk Management Framework (RMF) to maintain compliance with applicable security regulations, such as NIST, CNSSI, and NISPOM, governing the development and management of classified information systems. This position will be responsible for managing the program’s overarching security effort and representing the program to the sponsor’s security organization. This position requires the ISSM to be a strong advocate for integrating security into front-end requirements and overseeing the implementation and sustainment of security controls in all stages of the program lifecycle.
PRIMARY DUTIES AND RESPONSIBILITIES
• Developing, maintaining, and overseeing the system security program and policies for their assigned area of responsibility.
• Ensuring compliance with current cyber security policies, concepts, and measures when designing, procuring, adopting, and developing a new system.
• Ensuring the fulfilment of IO data requirements (e.g., storage, processing, Assured File Transfer (AFT), incident response, collection, dissemination, and disposal).
• Developing and implementing an effective system security education, training, and awareness program.
• Maintaining a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Possessing sufficient experience, commanding adequate resources, and being organizationally aligned to ensure prompt support and successful execution of a robust system security program.
• Completing the training identified in the ISSM Required Training Table within 6 months of appointment.
• Monitoring all available resources that provide warnings of system vulnerabilities or ongoing attacks and reporting them, as necessary.
• Developing, documenting, and monitoring compliance with and reporting of the facility’s system security program in accordance with Cognizant Security Activity (CSA) guidelines for management, operational and technical controls.
• Performing risk assessments and documenting results in a RAR and keeping the risk assessment current throughout the acquisition/development portion of the system life cycle.
• Developing, maintaining, and updating, in coordination with all system stakeholders, POA&Ms in order to identify system weaknesses, mitigating actions, resources, and timelines for corrective actions. Entries in the POA&M will be based on vulnerabilities and recommendations identified during assessments.
• Certifying to the AO, in writing, that the requirements and implementation procedures listed within the security plan are in accordance with the NISPOM, NIST SP 800-53 and DAAPM
• Submitting the security plan and supporting artifacts to the ISSP for AO review and consideration.
• Ensuring all system security documentation is current and accessible to properly authorized individuals.
• Implementing security controls to protect the system, in coordination with system stakeholders
• Maintaining the system in accordance with the security plan and Authorization to Operate (ATO)
• Ensuring audit records are collected and analyzed in accordance with security plan.
• Coordinating system authorizations with the ISSP and AO.
• Obtaining and maintaining NISP Enterprise Mission Assurance Support Services (eMASS) access in order to effectively manage all security authorizations for systems under purview.
• Managing, maintaining, and executing the continuous monitoring strategy
• Conducting periodic assessments of authorized systems and ensuring corrective actions are taken for all identified findings and vulnerabilities
• Monitoring system recovery processes to ensure security features and procedures are properly restored and functioning correctly
• Ensuring configuration management policies and procedures are followed
• Assessing changes to a system that could affect the authorization.
• Verifying enhancements to existing systems provide equal or improved security features and safeguards.
• Ensuring approved procedures are used for sanitizing and releasing system components and media
• Ensuring proper measures are taken when a system incident or vulnerability affecting classified systems or information is discovered
• Reporting all security-related incidents
• Ensuring all users have the requisite security clearance, authorization and Need-to-Know (NTK).
• Briefing users on their responsibilities with regard to system security, and verifying that cleared contractor personnel are trained on the system’s prescribed security restrictions and safeguards before they are allowed to access the system
• Coordinating with the Facility Security Officer (FSO) and the Insider Threat Program Senior Official (ITPSO) to ensure insider threat awareness is addressed within the system security programs.
• Ensuring user activity monitoring data is analyzed, stored, and protected in accordance with the ITPSO policies and procedures.
*All other duties as directed by the Senior Level Management.*
QUALIFICATIONS/EXPERIENCE
• Minimum (5) years of related Cyber Security experience.
• Knowledge of Enterprise Mission Assurance Support Service (eMASS)
• Must possess and maintain working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Must possess sufficient experience to ensure prompt support and execution of a robust IS security program.
• Must possess an active Top Secret (TS) or TS/SCI security clearance.
• Must be a US Citizen.
• Experience with NIST 800-171 Compliance
• Knowledge of Cybersecurity Maturity Model Certification (CMMC) compliance standards / requirements
• Experience with network security and networking technologies and with system, security, and network monitoring tools
• Professional written, verbal, and time management skills
• Must be able to work non-standard hours as required.
• Must be able to travel if requested.
Education and Certifications
• Preferred Bachelor’s Degree in Computer Engineering / Computer Science
• CISSP Credentials Preferred
The following CDSE courses must be completed within the first six months of appointment:
· Categorization of the System (CS102.16)
· Selecting Security Controls (CS103.16)
· Implementation of Controls (CS104.16)
· Assessing Security Controls (CS105.16)
· Authorizing Systems (CS106.16)
· Monitoring Security Controls (CS107.16)
· Continuous Monitoring (CS200.16)
CWU, Inc. is an industry leader, providing professional services including but not limited to: training specialists, linguists and field subject matter experts, in addition to operational and training support for customers in the defense, intelligence, Homeland Security, federal, civil and commercial sectors.
CWU, Inc. is an Affirmative Action/Equal Opportunity Employer and is strongly committed to all policies which will afford equal opportunity employment to all qualified persons without regard to age, ancestry, color, marital status, national origin, race, religious creed, sex, sexual orientation, for employment practices in accordance with Title VI and VII of the Civil Rights Act of 1964, Title IX of the Educational Amendments of 1972, Section 504 of the Rehabilitation Act of 1973, Revised 1992, and the Americans with Disabilities Act of 1990.
JOB INFORMATION
Due to Federal Contract Regulations, U.S. Citizenship is required for these positions.
Job Type: Full-time
Benefits:
• 401(k)
• 401(k) matching
• Dental insurance
• Health insurance
• Paid time off
• Vision insurance
Education:
• Bachelor's (Preferred)
Experience:
• (related) Cyber Security: 5 years (Preferred)
• NIST 800-171 Compliance: 1 year (Preferred)
Security Clearance:
• Top Secret (Preferred)
Willingness To Travel:
• 25% (Preferred)
Work Location:
• One location
This Job Is Ideal for Someone Who Is:
• Detail-oriented -- would rather focus on the details of work than the bigger picture
• High stress tolerance -- thrives in a high-pressure environment
Work Remotely:
• No
COVID-19 Precaution(s):
• Temperature screenings
• Social distancing guidelines in place
• Virtual meetings
• Sanitizing, disinfecting, or cleaning procedures in place