Address
Form of work3RC is seeking candidates with 12+ years of cybersecurity experience to join our team as an Information Systems Security Manager (ISSM). The Information Systems Security Manager position supports the Naval Health Research Center’s (NHRC) mission in San Diego CA. The ISSM will secure, defend, and preserve data, networks, net-centric capabilities, and other designated systems by ensuring appropriate security controls and measures are in place, and taking internal defense actions. This includes access to system controls, monitoring, administration, and integration of cybersecurity into all aspects of engineering and acquisition of cyberspace capabilities. They oversee/perform cyber security functions, work with other security professionals in developing and implementing strategies to detect and mitigate threats to Information Systems, protect critical data sets, and provide assessments of system and network vulnerabilities. They will analyze threats and develop and implement best practices methodologies for incident detection, reporting, and vulnerability remediation.
Primary responsibilities:
- Advise senior management on risk levels and security posture.
- Advise appropriate senior leadership or Authorizing Official of changes affecting the organization’s cybersecurity posture.
- Collect /maintain data needed to meet system cybersecurity reporting.
- Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
- Ensure security improvement actions are evaluated, validated, and implemented as required.
- Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
- Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
- Identify alternative information security strategies to address organizational security objective.
- Identify information technology (IT) security program implications of new technologies or technology upgrades.
- Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the cybersecurity program.
- Manage the monitoring of information security data sources to maintain organizational situational awareness.
- Oversee the information security training and awareness program.
- Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
- Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
- Recognize a possible security violation and take appropriate action to report the incident, as required.
- Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements.
- Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered.
- Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
- Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
- Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle.
- Ensure plans of actions and milestones (POA&Ms) are in place for identified vulnerabilities.
- Assure successful implementation and functionality of security requirements and appropriate policies and procedures that are consistent with the organization’s mission and goals.
- Support necessary compliance activities (e.g., ensure system security configuration guidelines are followed, compliance monitoring occurs).
- Continuously validate the organization against policies/guidelines/ procedures/regulations/laws to ensure compliance.
- Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems.
- Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
- Evaluate and approve development efforts to ensure that baseline security safeguards controls/measures are appropriately installed.
- Evaluate cost benefit, economic, and risk analysis in decision making process.
- Interpret and/or approve security requirements relative to the capabilities of new information technologies.
- Monitor and evaluate the effectiveness of cybersecurity safeguards to ensure they provide the intended level of protection.
- Participate in risk assessment and authorization per Risk Management Framework processes.
- Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
- Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
- Recommend policy and coordinate review and approval.
- Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
- Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
- Forecast ongoing service demands and ensure security assumptions are reviewed as necessary.
- Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.
- Facilitate movement of multiple Information Systems through the RMF process and maintain accreditations through continuous monitoring and annual reviews
- Serve as the Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities
- Conduct risk and vulnerability assessments of Information Systems to identify vulnerabilities, risks, and protection needs
- Actively lead and participate in regular A&A status meetings with government and contract personnel to facilitate progress and address potential issues of RMF system efforts
- Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity threats /RMF policies
- Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
- Assess system compliance against NIST and DoD security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
- Coordinate with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories
- Analyze vulnerability scans of Information Systems and assist in remediation tasks
Required Qualifications:
- DoD 8570/8140 certification (IAT or IAM Level 3)
- Hands on experience with the DoD tool eMASS
- Demonstrated experience with Risk Management Framework (Experience under DHA a plus)
- Demonstrated efficiency and experience in RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes
- Familiarity with NIST publications
- Experience in assessing systems using NIST 800-53 and/or DISA STIGs and SRGs
- Excellent customer service and organization skills
- Excellent oral and written communication skills
Desired Qualifications:
- Experience with DoD Cyber tools: eMASS, ACAS, and HBSS/ESS
- Experience in RMF policy development, process improvement, and strategy implementation
- Knowledge in Continuous Monitoring and Risk Scoring (CMRS)
- Knowledge of Phoenix, Tanium, and MECM
- Knowledge in one or more of the following technologies:
- Medical devices
- Windows, Linux, and Unix OS
- Network Devices
- Databases - MS SQL, Oracle
- VMWare - Virtualization
Clearance Required:
- Active Secret security clearance
Company Paid Standard Benefits:
- Short/Long Term Disability
- Basic Life Insurance
- Direct Payroll Deposit
- Leave Accrual
- Holidays
- 401(k) Match
Employee/Company Shared Benefits:
- Additional (Voluntary) Life Insurance
- 401(k)
- Medical Coverage
- Dental Coverage
- Vision Care Plan
- Flexible Spending Account Plan
