Scope: The Information Systems Security Manager is responsible for maintaining compliance with applicable security regulations and performing all security-related duties as required at the assigned facility(ies). This entails the design and successful execution of an IT security program which exceeds customer expectations and minimizes security risks. He or she must apply a comprehensive knowledge of information technology security principles, practices and procedures to develop, implement, and manage the overall information system security program in support of the FSO of the facility. He or she ensures assigned Information Systems (IS) are properly managed according to DoD 5220.22-M, the National Industrial Security Program Operating Manual (NISPOM), and other security directives as required.
Responsibilities & Tasks:
- Establishes, documents, implements, and monitors the Information System (IS) Security Program and related procedures for the facility.
- Ensures Information System (IS) compliance in accordance with the Risk Management Framework (RMF), National Industrial Security Program Operating Manual (NISPOM) and the DSS Assessment and Authorization Process manual (DAAPM).
- Ensures that any other supporting policies and procedures that may be required for the certification and accreditation process, as may be mandated by the Customer or another U.S. Government agency, are in place.
- Ensures the development, documentation and presentation of IS security education, awareness and training activities for IS personnel, users, and others, as appropriate.
- Conducts self-inspections to ensure that the IS function is operating as accredited and that accreditation conditions have not changed.
- Ensures the development of facility procedures to:
  - Govern marking, handling, controlling, removing, transporting, sanitizing, reusing, and destroying media and equipment containing classified information.
  - Report IS security incidents to the Facility Security Officer, ensuring that proper protection or corrective measures have been taken when an incident or vulnerability has been discovered.
  - Implement security features for the detection of malicious code, viruses, and intruders (hackers), as appropriate or needed.
  - Inform the Customer, the U.S. Government Defense Security Service, and the FSO of security-relevant changes to accredited information systems as required.
- Responsible for developing and maintaining an IS security audit and accountability program.
- If applicable, responsible for the oversight and continued training and education of Information System Security Officer(s) (ISSO).
- Responsible for GSC quarterly updates and presentations.
- Other related duties as assigned by supervisor.
Education (Highest Level Required/Preferred):
Bachelor's degree required.
Specific Degree Field, only if required: Computer Science or related concentration.
Preferred certifications that meet the basic requirement for Information Assurance Manager (IAM) Level II, per DoD 8570.01-M, January 24, 2012:
- ISC2 Certified Authorization Professional (CAP)
- ISC2 Certified Information Systems Security Professional (CISSP, or Associate of ISC2)
- ISACA Certified Information Security Manager (CISM)
- CompTIA Advanced Security Practitioner (CASP)
- GIAC Security Leadership (GSLC)
Functional (Using Skill Set): 5-10 years
Industry: 3-5 years
Knowledge, Skills, Abilities Required (Unique and Measurable):
- Expert knowledge of the Risk Management Framework (RMF), National Industrial Security Program Operating Manual (NISPOM) and the DSS Assessment and Authorization Process manual (DAAPM).
- Expert knowledge of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 controls, based on NIST SP 800-53r4, as they are mapped to the corresponding NISPOM and RMF references.
- Working knowledge of SCAP and STIG Viewer.
- Experience with/knowledge of the following operating systems:
  - Microsoft Windows Server 2000, 2003, 2008
  - Microsoft Windows 7 Professional/Ultimate
  - Various flavors of UNIX and Linux
- Highly proficient with productivity software such as Microsoft Word, Excel, PowerPoint, and Outlook.
- Proven analytical and problem-solving experience.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Excellent written, oral, and interpersonal communication skills.
- Ability to present ideas in a business-friendly and user-friendly (non-technical) language.
- Highly self-motivated and directed.
- Team-oriented mentality and skilled in working within a collaborative environment.