Information System Security Manager (ISSM) I

Amatriot Group, LLC

Marlborough, MA

JOB DETAILS
SALARY
$141,500–$143,500 Per Year
SKILLS
Access Authorization, Administrative Skills, Air Force, Change Control, Computer Firmware, Computer Security, Configuration Management, Documentation, Government, High School Diploma, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Internet Security, Intrusion Detection Systems, Investigative Reports, Military, Network Administration/Management, Network Integration, Network Security, Operations Planning, Operations Security (OPSEC), Policy Development, Policy Implementation, Procedure Development, Project/Program Coordination, Project/Program Management, Quality Assurance Methodology, Risk Analysis, Risk Management Framework (RMF), SAP, Security Analysis, Security Clearance, Security Monitoring, Security Policy, Sensitive Compartmented Information (SCI), System Lifecycle, Systems Administration/Management, Systems Analysis, Testing, Top Secret Clearance, Training Program, United States Department of Defense (DoD), Verification Plans
POSTED
2 days ago

Location: Hanscom AFB, MA
Security Clearance: Active TS/SCI (Must be able to obtain a CI Poly)
Job Type: Full-Time

Target Salary Range*: $141,500 - $143,500

*This represents the potential salary range for this position depending on education level, years of experience, and/or certifications, in addition to other position-specific requirements which may impact salary.


Position Overview

The Information System Security Manager I serves as a principal advisor on all matters, technical and otherwise, involving the security of information systems under their purview. This position primarily supports Special Access Programs for Department of Defense agencies, including HQ Air Force, the Office of the Secretary of Defense, and Military Compartment efforts, and provides day-to-day support for Collateral, Sensitive Compartmented Information, and Special Access Program activities.


Key Responsibilities

Information Systems Security Program Management

  • Perform oversight of the development, implementation, and evaluation of information system security program policy, with special emphasis on integrating existing SAP network infrastructures.
  • Develop and maintain a formal Information Systems Security Program.
  • Develop and oversee operational information systems security implementation policy and network security guidelines based on the Risk Management Framework, with emphasis on the Joint Special Access Program Implementation Guide authorization process.
  • Institute and implement a Configuration Control Board charter.
  • Ensure data ownership and responsibilities are established for each authorization boundary, including accountability, access rights, and special handling requirements.
  • Ensure system security requirements are addressed during all phases of the system life cycle.

Risk Management Framework and Authorization Support

  • Advise the customer on Risk Management Framework assessment and authorization issues.
  • Perform risk assessments and make recommendations to DoD agency customers.
  • Advise government program managers on security testing methodologies and processes.
  • Evaluate authorization documentation and provide written recommendations for authorization to government program managers.
  • Develop, review, endorse, and recommend action by the Authorizing Official or Designated Authorizing Official for system assessment documentation.
  • Maintain an applicable repository for all system authorization documentation and modifications.
  • Ensure authorization is accomplished and that a valid authorization determination has been given for all authorization boundaries under the position’s purview.
  • Review AIS assessment plans.
  • Ensure all authorization documentation is current and accessible to properly authorized individuals.

Security Assessment, Monitoring, and Configuration Management

  • Develop and execute security assessment plans that include verification that the features and assurances required for each protection level are functioning.
  • Evaluate threats and vulnerabilities to determine whether additional safeguards are needed.
  • Assess changes in the system, its environment, and operational needs that could affect authorization.
  • Conduct periodic assessments of the security posture of authorization boundaries.
  • Ensure configuration management for security-relevant changes to software, hardware, and firmware, and ensure changes are properly documented.
  • Ensure periodic testing is conducted to evaluate the security posture of information systems by employing various intrusion, attack detection, and monitoring tools as a shared responsibility with ISSOs.
  • Ensure system recovery and reconstitution processes are developed and monitored to ensure the authorization boundary can be recovered based on its availability level determination.

Incident Response, Media Protection, and External Systems

  • Develop policies and procedures for responding to security incidents, including investigating and reporting security violations and incidents.
  • Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system.
  • Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media.
  • Coordinate with the Program Security Officer or cognizant security official on approval of external information systems, including guest systems and interconnected systems with another organization.
  • Develop Assured File Transfers in accordance with the Joint Special Access Program Implementation Guide.

Training, Self-Inspections, and ISSO Support

  • Ensure all IAOs, network administrators, and other cybersecurity personnel receive the necessary technical and security training to carry out their duties.
  • Ensure development and implementation of an information security education, training, and awareness program, including attending, monitoring, and presenting local cybersecurity training.
  • Participate in self-inspections.
  • Conduct the duties of the Information System Security Officer if one is not present and/or available.

Qualifications

Education

  • Bachelor’s degree and 5 years of relevant experience; or
  • Associate degree and 7 years of relevant experience; or
  • High school diploma or GED and 9 years of relevant experience.

Experience

  • 5-7 years of related experience
  • Prior performance in roles such as ISSO or ISSM
  • SAP experience

Certifications

  • IAT Level 2 or IAM Level 1

About the Company

Amatriot Group, LLC