Information Systems Security Manager

Vicksburg, MS | Full Time

Position Description

Dynetics is seeking an Information System Security Manager (ISSM) with a focus on cloud security to work with a team of other ISSMs charged with overseeing multiple USACE cloud environments, defining and managing cybersecurity to achieve and maintain authorizations under the Risk Management Framework (RMF). This position will support multiple cloud systems and projects. The ISSM will establish and document standard security procedures in accordance with the RMF requirements. The ISSM will coordinate with business area managers/professional staff on system security compliance. The ISSM will be responsible for implementing, maintaining, and supporting RMF Information System ATOs. They will conduct periodic reviews to ensure compliance with established policies and procedures. This includes, but is not limited to, ensuring that all software and system changes are recorded, as required by established configuration management procedures. The ISSM will ensure implementation of security features for the detection of malicious code, viruses, and intruders (hackers), as appropriate. The ISSM will also ensure systems are operated, maintained, and disposed of in accordance with applicable governing policies and procedures.

Regular tasking includes, but is not limited to, secure baseline identification and validation per security categorization and subsequent system security plan, vulnerability and threat assessment, and FedRAMP and DISA Cloud Access Point interactions. The ISSM will direct the DoD RMF accreditation process to achieve ATOs through the Enterprise Mission Assurance Support Service (eMASS).

Responsibilities include:

- Developing and maintaining system cybersecurity programs for USACE cloud systems that include cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.

- Ensuring that Information Owners and stewards associated with DoD information received, processed, stored, displayed, or transmitted on each USACE cloud system are identified in order to establish accountability, access approvals, and special handling requirements.

- Maintaining all USACE cloud cybersecurity-related documentation in Enterprise Mission Assurance Support Service (eMASS).

- Monitoring USACE cloud compliance with cybersecurity policy, as appropriate, and reviewing the results of such monitoring.

- Ensuring that cybersecurity inspections, tests, and reviews are synchronized and coordinated with impacted parties and organizations.

- Ensuring implementation of IS security measures and procedures, including reporting incidents to the Cloud PMO and appropriate reporting chains and coordinating system-level responses to unauthorized disclosures in accordance with DoD Manual 5200.01, Volume 4 for CUI.

- Acting as a cybersecurity technical advisor for USACE cloud projects, USACE Cloud PMO, and the USACE ISSM-P.

- Ensuring that cybersecurity-related events or configuration changes that may impact USACE cloud systems authorization or security posture are formally reported to the Authorizing Official (AO) and other impacted parties, such as Information Owners (IOs) and stewards and AOs of interconnected DoD ISs.

- Ensuring the secure configuration and approval of IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or connection to a DoD IS or PIT system.

- Managing all cloud system Plan of Action and Milestones (POA&M) items in eMASS and ensuring continuous monitoring requirements are met.

- Reviewing the Federal Risk and Authorization Management Program (FedRAMP) and DoD Provisional Authority (PA) artifacts to understand the risk that the AO will inherit for USACE cloud systems.

Basic Qualifications

- Bachelor’s degree in Computer Science/Information Technology preferred; a Bachelor’s degree in another major with years of experience and certification is acceptable.

- Certifications: DoD 8570.01, IAM-II/IAM-III (CISSP, CAP, or CISM required)

- Eight (8) or more years’ experience in the following areas:

  • Cybersecurity, Information Assurance / Information System Security Engineering for Cloud initiatives
  • FedRAMP certification process and DISA Cloud Access Point process
  • RMF and eMASS accreditation (NIST SP 800-53A, CNSSI 1253, DoD 8500.1, DoD 8510.01)
  • DISA STIG and SRR compliance test and verification
  • ACAS/SCAP vulnerability scanning and secure baseline/system security plan continuous monitoring
  • DoD and Army Information Security regulations, publications, and policy
  • Demonstrated experience applying security risk assessment methodology to system development and existing IT infrastructure, including threat model development, vulnerability assessments, and resulting security risk analysis

Other Qualifications

- Additional desired certifications include CCNA, CCSP, MCSE, and/or SANS GIAC.

- Working knowledge of standard cloud technologies to include IaaS, PaaS, and SaaS

- Experience with:

  • Microsoft Azure, AWS, or OCS
  • HBSS
  • ACAS

- Information Assurance, Cybersecurity, and Certification & Accreditation experience

- Experience developing Assess & Authorize documentation from scratch and performing assessments.

Security Requirements

Candidate must be a US Citizen and possess (as well as maintain) a Final Secret Clearance.

Job Number: 01.02.01-285
Closing Date: 01/14/2020