We’re looking for an experienced Information Systems Security Manager (ISSM) to drive our information security program, shaping strategic initiatives that protect our organization’s assets and data. This role is ideal for someone passionate about developing security protocols, engaging with cross-functional teams, and fostering a culture of security awareness. You’ll lead incident response, oversee regulatory compliance, and act as our representative with external stakeholders, including government agencies and vendors.
What You’ll Do
Develop and Enhance Our Information Security Program
- Design, implement, and refine a robust information security program, including policies, procedures, and best practices.
- Regularly assess and update our security strategies to align with industry standards and regulatory requirements.
Ensure Regulatory Compliance
- Maintain compliance with security standards, such as NIST, FISMA, and JSIG.
- Conduct audits and assessments to verify compliance, addressing any findings.
Implement and Manage Security Controls
- Lead the implementation of access controls, data encryption, and other security measures.
- Collaborate with IT and other teams to integrate security into systems and processes.
Manage Incident Response
- Oversee our incident response efforts, investigating and coordinating the resolution of security incidents.
- Develop and regularly test an incident response plan to ensure team preparedness.
Provide Technical Guidance
- Support technical teams with guidance on security solutions and emerging technologies.
- Stay informed on evolving security threats and recommend proactive strategies.
Risk Assessment and Mitigation
- Conduct security risk assessments to identify vulnerabilities.
- Develop and execute risk mitigation plans to address security threats effectively.
Documentation and Compliance Management
- Maintain comprehensive documentation for RMF processes, including SOPs and security plans.
- Ensure adherence to JSIG and other relevant security policies.
Engage with External Stakeholders
- Represent our organization in communications with government agencies, auditors, and vendors.
- Present security reports and updates to senior management and external partners as needed.
Drive Continuous Improvement
- Regularly evaluate the effectiveness of our security program, implementing improvements as necessary.
- Encourage organization-wide feedback and collaboration to strengthen our security culture.
What We’re Looking For
Requirements
- Active TS/SCI clearance with eligibility for CI Poly.
- IAM Level III certification (e.g., GSLC, CISM, CISSP, CCISO) or ability to obtain within six months.
- Bachelor’s degree in Computer Science, Information Systems Management, Engineering, or a related field; or 4 years of relevant work experience in place of a degree.
- 8+ years in cybersecurity or a related field, including leadership experience.
- 2+ years of cybersecurity experience within the DoD or Intelligence Community.
- Strong understanding of cybersecurity principles, tools, and techniques.
- Security+ or equivalent (DoD 8570) certification if not already IAM Level III certified.
- Demonstrated leadership experience and a proactive approach to security.
Preferred Qualifications
- Experience as a Cyber or Security Analyst or Security Control Assessor (SCA) for federal systems.
- Familiarity with Special Access Programs (SAPs) and the Intelligence Community (IC).
- Understanding of the Joint Special Access Program Implementation Guide (JSIG).
- Adaptability in fast-paced environments and comfort with ambiguity.
- Knowledge of cloud security and agile methodologies.
- Strong self-management skills with emphasis on initiative and follow-through.
- Proven communication skills, both written and verbal.
- Ability to build trusted advisor relationships with clients.