Information Systems Security Manager (ISSM) (Cybersecurity) SME with Security Clearance
Gemini Industries Inc
2024-11-05 14:44:02
Chantilly, Virginia, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Gemini Industries Inc. provides technical, management and operations services to support National Security projects. We provide rapid response to the critical needs of our customers and those they serve. We perform analyses and develop operations plans to anticipate and prepare for the future. And we deliver advanced technology to improve our customer's success in executing its mission. Gemini seeks innovative, results-oriented individuals with the creativity, initiative, and intelligence to overcome any challenge and succeed. Members of the Gemini team thrive in a culture that is anticipatory, agile, and schedule-driven; with a sense of urgency and a drive to succeed. Our culture involves: The best and brightest personnel Work at a high operations tempo Integrated teams delivering rapid solutions. An attitude that balances "I can make it better" with "As long as we succeed." Information Systems Security Manager (ISSM) (Cybersecurity) (SME)
Location: Fairfax, VA (Telework eligible) Clearance: TS Clearance, SCI Eligible Education: BA/BS (MA/MS preferred) Outcomes: The successful candidate is expected to accomplish the following outcomes during the first year in the position: Formally track all tasks, to include: assigned by, suspense, status, and comments on all assigned tasks through completion and be prepared to brief upon request. Develop digital continuity folders and files that include standard operating procedures, workflows and POC lists to accomplish all tasks. Create 2-3 products beyond the client's requirements that positively impact the client to either increase efficiency, effectiveness, or innovation. Master position tasks within 60 days and exceed requirements within 90 days. Responsibilities: The Information Systems Security Manager (SME) will directly support the Secretary of the Air Force (SAF) / Concept Development Management Office (CDM) Mission Infrastructure Innovation Directorate (CDMM), Cyber Data Recon & Exploitation Division (CDRE). Mission Infrastructure Innovation Directorate provides design, configuration, accreditation and implementation of mission and R&D information management systems and cloud-based solutions that support defense and intelligence priorities as well as internal business processes and mission functions, network communications, database management, security accreditation, and workflow management. The Information Systems Security Manager (SME) shall provide and is responsible for ensuring the security and integrity of the organization's information systems, specifically in accordance with Department of Defense (DoD) and department of the Air Force cybersecurity requirements. This role involves developing, implementing, and managing security policies, procedures, and controls to protect classified and sensitive data from cyber threats. Additionally, the ISSM will provide efficient and effective management and operation of the organization, activities, or systems specifically related to cybersecurity in all phases of Risk Management Framework (RMF). Specific responsibilities include but are not limited to: Create and maintain executive-level briefings (1 Star or above) for CDMM engagements. Create, edit, and prepare for signature executive-level correspondence on behalf of the CDMM CDRE Division Chief. Support the execution of mission tasks by developing and maintaining project management plans and schedules for the organization. Develop strategies to address potential solutions to complex problems. Develop and document requirements from project inception to conclusion. Provide strategic advice, technical guidance, and expertise to program and project staff. Provide detailed analysis, evaluation, and recommendations for improvements, optimization, and/or maintenance efforts for specified mission-critical challenges/issues. Develop, implement, and maintain system categorizations, information security policies, security assessment procedures, security control traceability matrices (SCTM), in compliance with DoD risk management framework regulations and guidelines, including CNSSI 1253, DoD 8500, DoD 8510, DoD JSIG, NIST Special Publication Series, and DAF cybersecurity requirements. Oversee and conduct risk assessments, vulnerability assessments, and security audits to identify and mitigate potential security risks. Manage the implementation and operation of security tools and technologies, such as firewalls, intrusion detection systems, SIEM's, vulnerability scanners, anti-malware, encryption solutions, and cloud service provider cybersecurity tools, services, and features. Ensure compliance with DoD and DAF directives, including but not limited to FISMA, NIST, and DISA STIGs, DISA SRG's. Coordinate and manage security incident response activities, including detection, analysis, containment, eradication, and recovery. Provide security guidance and support to system owners, developers, and administrators throughout the system development lifecycle (SDLC). Lead / head cybersecurity Change Control Board for a cloud platform. Develop and conduct security awareness training programs for staff and contractors. Prepare and maintain security documentation, including but not limited to System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), security control plans/policies, security control assessment procedures, risk assessment reports, security assessment reports, incident response and after-action reports, vulnerability, and compliance reporting, and so on. Ability to translate technical and advanced cybersecurity research into consumable threat and vulnerability reporting for qualitative or quantitative decision making at the 07 GOFO level. Collaborate with external auditors, inspectors, and regulatory bodies during compliance reviews and inspections. Stay current with emerging cybersecurity threats, technologies, and DoD security requirements to continuously improve the organization's security posture. Participates in project performance review meetings and discussions. Support a cross-functional team of technical experts and government staff. Qualifications: The candidate must have the following qualifications: Minimum of 7 years of experience in information security, with at least 2 years in a management or leadership role. Advanced proficiency in Microsoft Office Software, specifically PowerPoint Proficiency with Xacta, Emass, Nessus, Trellix, Splunk or Elastic SIEM, and other cybersecurity compliance tools. Excellent oral, written, and interpersonal communication skills Ability to work under pressure and meet deadlines in a rapidly changing and demanding environment. Detail oriented, flexible, ability to context switch. Expert in various domains of Information Technology (IT, cloud, cybersecurity, networking, etc.) and ability to context switch from strategic intent and tactical emplacement of cyber mechanisms. Expert in two of the following domains - cyber threat intelligence, vulnerability analysis and vulnerability management, SIEM operations and defensive cyber operations, purple team operations, RMF execution and assessment and authorization activities, DoD R&D environments. Experience in overlapping domains at multiple classifications including vulnerability analysis, SIEM operations, cyber network defense, cyber operations, malware analysis, information systems security management, or engineering. Experience with DoD Joint Special Access Program Implementation Guide (JSIG), AF Cyber policies, NIST SP 800 Series, and CNSSI 1253 security controls and overlays. Experience operating in cloud cybersecurity and shared responsibility models, networking, and/or data experience. Expert in Risk Management Framework lifecycle, security control enforcement, body of evidence creation and continuous monitoring, assessment and authorization processes, and ability to operate in overlapping security control and overlay environments (CNSSI 1253, Executive Order 12333, PII/Privacy, HIPAA, Intelligence, etc.) DoD 8570.01-M IAM Level III certification (e.g., CISSP, CISM) The following qualifications are desired: Experience with Department of Defense (DoD) and/or AF administrative processes (preferred) Experience working with general officers, flag officers, senior executive service members (preferred) Cloud Service Provider Certifications (preferred) Travel: Summarize the travel requirements Other Requirements: We seek: Highly motivated self-starters Resourceful individuals with extraordinary intellectual capability and the ability to rapidly learn and apply new concepts. Individuals who have a "let me try" attitude and are resilient, present an opinion/position, justify it, and then accept whatever decision is made and charge forward. Individuals who view criticism as an opportunity to improve ("let me try again") Individuals who think and create, enhancing the company with a steady flow of fresh ideas, perspective, and energy. Direct Inquiries and Resumes to our Talent Management Team:
Yashira Santiago
Gemini Industries Inc.
Telephone: 286 - 4777
Gemini Industries Inc. is proud to be an Equal Opportunity / Affirmative Action Employer. We are committed to abiding by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, protected veteran status or disability and any other basis protected by applicable law.