Information System Security Manager with Security Clearance

---

Job description

Information System Security Manager Clearance: TS/SCI with Polygraph Reston, VA Supporting the Most Exciting and Meaningful Missions in the World Cyber and Information Security Specialist (INFOSEC) perform functions in support of the directorate's Information System Security Manager (ISSM) and deliver outcomes as follows: Review and analyze systems architecture diagrams and networks. Support Assessment and Authorization (A&A) requirements and process and apply ICD 503, NISPOM, and other federal guidelines in support of systems used at contractor facilities. Assist program systems owners and/or service providers throughout the risk management framework (RMF), including the assessment and authorization (A&A) processes, as follows: Provide advice to program system owners and/or service providers on the creation of required system documentation or body of evidence; review and provide recommendation for approval or disapproval, as appropriate. Assess security and privacy controls and data protection in sponsor information systems and environments of operation as part of the initial security assessment and during operational changes affecting information systems' security posture. Assist the security control accessors (SCA), as appropriate, in performing security systems assessments and reviewing risk elements in the executive Risk System (ERS) report. Create plans of action & milestones (POA&Ms) and/or request risk acceptance through a security assessor(SA) , who will certify the ERS report to the appropriate authorizing official (AO) or designated AO. Regarding the RMF and A&A processes, produce an annual A&A report of trends, challenges, and risk with recommended mitigation and process improvements. Provide oversight and guidance to ensure compliance with program information security regulations and policies on processes and request, such as Data Transfer Request; Access Request; Service/Change Request; Purchase Request; Accountable Property Management; Waivers, including medical devises and introduction (use) of equipment /devises into SCIF; and Equipment Transport. Produce a Weekly Activity Report. Facilitate development, maintenance and security review of AIS security plans for computers, networks, and information systems deployed and used at contractor facilities, ensuring that sponsor and program approving signatures are acquired and documented. Conduct technical exchange meetings to facilitate AIS security solutions for both industrial contractors and government systems; and produce comprehensive solutions to technically complex systems and challenges. Ensure documentation is complete and accurate in accordance with sponsor and program AIS policies and requirements. As necessary, support the investigation of virus/malware alerts/incidents to determine root cause, entry point of code, damage risk, and report this information. Write reports based on technical analysis of sponsor or industrial partners systems, and as applicable provide recommendations for mitigating issues in the future. Analysis systems , including forensically, for malware, misuse, and/or unauthorized activity. Ensure discovered cyber incidents and data spills are reported per program SOP; support investigations and remediation/clean up as necessary, and provide guidance in coordination with program security management and other groups as appropriate. Provide information security training and refine, edit, and maintain training material, as necessary to ensure it is up to date with current policies, regulations, and best practices. Participate in project review meetings and provide technical cyber security advise/expertise to program personnel. Advise on technical and performance characteristics of new technologies, as relates to sponsor policies and regulations. Review complex sponsor and industrial partners system designs for security risk and compliance with sponsor policy and regulations; propose resolution and preventive strategies. Communicate complex technical concepts, project information, and security policy clearly and concisely to both technical and non-technical audiences. Provide briefings and/or training on sponsor's INFOSEC policies and regulations. Provide a quarterly Security Control Status Report (SCSR) that identifies security risk and trends through the ranking of the 77 Control Families.

<!– job description page –>