Information Systems Security Manager - ISSM (Manager, Information Assurance, Privacy & Security)
-
Littleton, Colorado, United States
Job Description: Information System Security Manager
Join our team of innovators and get a chance to work alongside a team of talented, curious people that are passionate about designing and deploying solutions that are accelerating humanity’s expansion into space.
We have a current opportunity for an Information Systems Security Manager (ISSM) as a part of the Cybersecurity & Compliance team located at our Littleton, Colorado facility. In this role you will work report to the Chief Information Security Officer (CISO). The ISSM leads a team of Information Systems Security Officers who ensure secure operations of networks in specific locations. The ISSM will also serve as the ISSO for our Littleton location.
Summary
The Information Systems Security Officer (ISSM) is the principal advisor to the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) and provides support for the program, organization, information system, or network enclave Information Assurance (IA) program. The ISSM maintains operational security posture for assigned information system(s) or program(s) to ensure information systems security policies, standards, and procedures are established and followed. The ISSM assists with the management of security aspects of the information system and performs day-to-day security operations of the system.
Responsibilities
- Reports to the Chief Information Systems Officer (CISO) and works closely with the Facility and Personnel Security Teams.
- Collaborate with the CISO to establish and implement a strategic, comprehensive enterprise information security and IT risk management program.
- Demonstrate leadership, decision-making skills to develop and manage a team to implement the strategy for enterprise security within assigned systems.
- Lead incident response planning and oversee the investigation of security breaches and incident reporting.
- Provide input to the CIO and CISO on disciplinary and legal matters associated with security breaches and incidents.
- Learn the role of the CISO and develop the skills necessary to act in a Deputy CISO capacity.
- Implement an NSA COMSEC account and provide oversight to COMSEC users.
- Develop and maintain information systems security implementation policy and guidelines of network security using the Risk Management Framework (RMF) and other relevant industry and governmental standards such as the Joint Special Access Program Implementation Guide (JSIG)
- Prepare and review Authorization to Operate (ATO) documentation to include Systems Security Plans (SSPs), the Plan of Action and Milestones (POA&M), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Control Traceability Matrices (SCTMs); support security authorization activities in compliance with NSA/CSS Information System Certification and Accreditation Process (NISCAP) and DoD Risk Management Framework (RMF) and DoD Information Assurance System Certification and Accreditation Process (DIACAP).
- Maintain configuration management (CM) documentation for information system security software, hardware, and firmware; manage changes to system and assess the security impact of those changes.
- Serve as Information Assurance representative on Configuration Change Boards (CCB).
- Maintain Continuous Monitoring (CM) Program for assigned systems to include vulnerability scans and audit log checks.
- Assist architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions.
- Assist architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions.
- Ensure that all IAOs, network administrators, and other cyber security personnel receive the necessary technical and security training to carry out their duties.
- Conduct cybersecurity related training for system users.
- Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media.
- Serve as Trusted Agent for assigned systems.
- Work with System Administrators to define, implement, and test security controls.
- Document security events and incidents in coordination with Facility Security Office.
- Maintain professional and technical knowledge by attending educational workshops, reviewing professional publications, establishing personal networks, benchmarking state-of-the-art practices, and participating in professional societies.
- Coordinate with IT management with planning, installation and certifications of new and replacement network infrastructure and equipment.
Requirements
- Currently holds or can obtain Top Secret Clearance at both SCI and SAP levels.
- Bachelor’s degree or higher in cybersecurity or information security with 12 or more years of experience. May consider equivalent experience in lieu of degree.
- Be a US Citizen due to access to controlled information systems and security vulnerability information.
- Meets DoD IAT Level I as specified in Appendix 3 of DoD Manual 8570.01 such as maintaining a current CompTIA Security Plus certification.
- Experience leading a team of Information Security Professionals
- Experience with DoD, federal, or DoD Contractor classified information systems.
- Experience using the NIST Special Procedures 800-53, 800-37 and 800-171
- Experience preparing DoD Authority to Operate (ATO) or Authority to Connect (ATC) documents for approval.
- Successful completion of SAP and DCSA audits of Information Systems.
Desired Skills
- Familiarity with various tools to capture, organize, and audit security related events.
- Familiarity with TEMPEST requirements and certifications
- Foundational understanding of Communications Security (COMSEC)
- Foundational understanding of basic networking technologies (routers, switches, proxies, etc.)
- Foundational understanding of basic security technologies (IDPS, firewalls, antivirus, SIEM, etc.)
- Foundational understanding of threat identification and mitigation.
- Foundational understanding of vulnerability scanning and management.
- Fundamental understanding of encryption technologies used for data in transit and data at rest.
- Foundational understanding of information system security design and compliance.
Salary range: $137,500 - $215,000
Grow with us as we innovate the next generation capabilities for a new era of space exploration! We offer a highly competitive benefits package along with a commitment to our core values of Integrity, Innovation, Impact, Inclusion, and Excellence.
Redwire is an Equal Opportunity Employer; employment with Redwire is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.
All offers of employment at Redwire are contingent upon clear results of a thorough background check and your ability to provide proof of eligibility to work in the US. Note that some positions will also require US citizenship or ability to obtain a security clearance due to requirements of a classified program.
