SR. INFORMATION SYSTEM SECURITY MANAGER (ISSM)
Based out of Rocket Lab's Headquarters in Long Beach, CA, the Sr. Information System Security Manager (ISSM) is responsible for maintaining the overall security posture for all Rocket Lab classified Information Systems and is accountable for the implementation of the Risk Management Framework (RMF). The ISSM serves as the principal advisor on all matters, technical and otherwise, involving the security of the classified Information Systems. In this role you will support the Corporate CPSO/FSO and Government Program Security organization.
WHAT YOU'LL GET TO DO:
- Develop and continually improve/maintain the Information System Security program and related policies as needed for a variety of Information Systems and areas of responsibility. This includes all documentation for Information System authorization, security management, Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), and continuous monitoring (CONMON) for all classified Information System types.
- Ensure classified Information Systems meet cybersecurity requirements and government directives through the performance of system auditing, vulnerability risk assessments, assured file transfers, hardware and software configuration management, data integrity control implementation, and investigations on security violations and/or incidents.
- Provide cybersecurity education and training to all system users; provide technical and procedural Information System security expertise as needed.
- Assume System Administrator and ISSE/ISSO responsibilities as necessary and assist in other disciplines of Security as needed to support the program.
- Develop, maintain, and update, in coordination with all system stakeholders, any required POA&Ms in order to identify system weaknesses, mitigating actions, resources, and timelines for corrective actions. Entries in the POA&M will be based on vulnerabilities and recommendations identified during assessments.
- Maintain the system(s) in accordance with the security plan and Authorization to Operate (ATO); manage, maintain, and execute the continuous monitoring strategy.
- Ensure approved procedures are used for sanitizing and releasing system components and media.
- Provide indirect supervision and training of less experienced security staff members.
- Support Business Development by providing security requirements and the estimation of security support for proposals.
- Perform other security-related duties as assigned or required by program needs.
YOU'LL BRING THESE QUALIFICATIONS:
- Bachelor's Degree in Computer Science or related technical discipline preferred, or the equivalent combination of education, professional training, or work experience culminating in at least 8 years of experience in cybersecurity, information technology, or a related field as an ISSM, ISSO, or System Administrator implementing or managing cybersecurity requirements, security plans, and accreditation packages for classified Information Systems under DoD and/or IC organizations.
- Must be a U.S. Citizen with a current SSBI and must maintain an active Top Secret SCI clearance with polygraph as required by program sponsor(s).
- Must possess or be able to obtain DoD 8570 IAM Level III security certification within 4 months of employment (CISSP or CASP equivalent).
- Experience with DAAPM, NISPOM, ICD 503, NIST 800-53, and NIST 800-171 implementations.
- Experience with cyber tools (Nessus, Splunk, etc.).
- Ability to travel in support of other locations or programs when required.
The selected candidate will be required to work onsite at the listed location.
THESE QUALIFICATIONS WOULD BE NICE TO HAVE:
- Strong interpersonal skills with the ability to communicate with senior-level leaders, internal and external personnel, and customers on significant matters.
- Must be a self-driven and results-oriented individual capable of effectively working multiple day-to-day tasks concurrently while maintaining the ability to articulate and present intelligent, decisive, and risk-managed security recommendations and decisions in a dynamic, fast-paced environment.
- Experience developing and executing program protection strategies for existing and developing NISP, SAR, and/or SCI programs.
- Ability to manage large projects or processes that span outside of immediate job area.