Apply on Employer Site

Booz Allen Hamilton · 10 hours ago

Information Systems Security Manager

Chantilly, VA

Full-time

Hybrid

Mid, Senior Level

$78K/yr - $176K/yr

Booz Allen Hamilton is a leading consulting firm, and they are seeking an Information Systems Security Manager. The role involves overseeing the Risk Management Framework for information systems, ensuring compliance with security policies, and managing continuous monitoring activities.

ConsultingCyber SecurityIT InfrastructureManagement ConsultingSecurity

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Serve as a Lead Information Systems Security Manager (ISSM) responsible for the Risk Management Framework (RMF) authorization of assigned Information Systems (IS)

Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security plan

Conduct periodic assessments of authorized systems and ensure corrective actions for all identified findings and vulnerabilities are addressed in a timely manner

Assume responsibility for all RMF continuous monitoring activities for authorized systems, including periodic analysis of collected audit records and the system vulnerability management cycle

Monitor system incident recovery processes to ensure security features and procedures are properly restored and functioning correctly

Ensure user activity monitoring data is analyzed, stored, and protected in accordance with our program policies and procedures, and execute a strong continuous monitoring strategy

Qualification

NIST 800-53Risk Management FrameworkAssessmentAuthorizationSPLUNKIAM Level III CertificationTenable productsOperate independentlyInvestigate data spillsCCNA CertificationRed Hat CertificationWindows CertificationCommunication skillsOrganizational skills

Required

Experience with NIST 800-53, ICD 503, and RMF practices, Security Technical Implementation Guides (STIGs), computer networking, and an operating system

Experience with the development of Assessment and Authorization (A&A) artifacts

Experience assessing and documenting test or analysis data to show cybersecurity compliance and setting up auditing dashboards, and reviewing results in SPLUNK

Experience conducting risk analysis, reviewing ACAS, CVEs, plugins, CWEs, research, collaborating with System Administrators to mitigate identified vulnerabilities or author Plans of Action and Milestones (PO&AM)

Knowledge of National Industrial Security Program Operating Manual (NISPOM), Joint Special Access Program Implementation Guide (JSIG), Intelligence Community Directives (ICD) 503 and 703, the RMF process, and associated National Institute of Standards and Technology (NIST) publications

Knowledge of DD 254 requirements from an information security perspective

Ability to configure and run security scans with Tenable products

TS/SCI clearance with a polygraph

HS diploma or GED

IAM Level III Certification, including CISSP, GSLC, or CISM Certification