DNI (Delaware Nation Industries) · 18 hours ago
Senior Cyber Security Analyst - (ISSM)
DNI is on the lookout for a Senior Cyber Security Analyst - Information Systems Security Manager (ISSM) to deliver expert guidance in Information Systems Security and cybersecurity support for the Enterprise Information Services at the Department of Energy (DOE) Savannah River Operations Office. The role involves overseeing the ATO lifecycle, managing risk assessments, and providing technical cybersecurity advice to various stakeholders.
Responsibilities
Oversee the Authority to Operate (ATO) lifecycle, manage risk assessments, develop and monitor Plan of Action and Milestones (POAMs), ensuring compliance with security standards and timely mitigation of organizational boundary security risks
Actively participate in the bi-weekly accreditation boundary meetings and keep the AODR informed of any changes/updates to eRAMS/POA&Ms/STAR items or any new VPM and CM issues that may arise
Provide technical and procedural cyber security advice to DOE, associate contractor partners, and Industrial Control Systems (ICS) teams as necessary
Oversee operational information systems security implementation programs
Coordinate with Information System Security Officer (ISSO) or PSO on approval of External Information Systems (e.g. guest systems, interconnected system with another organization)
Oversee ISSOs to ensure they follow established policies and procedures and timelines
Ensure CM policies and procedures for authorizing the use of hardware/software on an IT system are followed. Any additions, changes or modifications to hardware, software, or firmware must be coordinated with the AODR prior to the addition, change or modification. ISSM shall have authority to veto any proposed change they feel is detrimental to security in boundaries under their purview. Appeals on an ISSM/ISSO veto may be taken to the AODR
Ensure approved procedures are used for sanitizing and releasing system components and media as necessary
Ensure proper measures are taken when a cyber security incident or vulnerability is discovered
Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures
Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs). Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance
Manage, maintain, and execute the information security continuous monitoring plan
Ensure a record is maintained of all security-related vulnerabilities and ensure serious or unresolved violations are reported to the AODR; and assess changes to the system, its environment, and operational needs that could affect the security authorization
Qualification
Required
Reports to the Chief Information Security Officer (CISO) and Program Manager
Support information technology (IT) security goals and objectives and reduce overall organizational risk; advise senior management (e.g., Chief Information Security Officer [CISO] and Chief Information Officer [CIO]) on risk levels and security posture; advise appropriate senior leadership of changes affecting the organization's cybersecurity posture; communicate the value of information technology (IT) security
Highly organized individual with exceptional communication skills, ensuring all stakeholders are consistently informed and updated as required
Excellent written and oral communication skills (writing samples may be requested)
Attention to detail is critical: proven ability to look closely at your work to identify and correct errors, spot and improve weaknesses, and produce a near-perfect end result
Ability to identify problems, brainstorm and analyze answers, and implement the best solutions
Ability to develop and review security related procedures or processes and reports
Demonstrated ability to provide clear, precise, and factual information to senior leaders, team members, and external stakeholders
Capable of attending all customer-required meetings and promptly providing responses as requested
Familiarity with applicable regulations affecting cyber security (NIST 800 Series Standards)
Must possess (or be able to obtain) a 'Q' level security clearance
A bachelor's degree in information technology systems, computer science, or related field and experience in information technology systems or related area. Relevant experience may be substituted for education on a year-for-year basis
7+ years in IT security or related field
Authority to Operate Life Cycle (ATO), Risk Management, POAMS & Milestones
Preferred
Highly desired certifications: Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM)
Benefits
Covers 100% of employee benefit premiums, including Medical (PPO or HDHP Option), Vision, Dental
Matching 401K
Short- and Long-Term Disability
Pet Insurance
Professional Development/Education Reimbursement
Parking and Transit Benefits for NY, NJ, ATL, and DC Metro areas
Company
DNI (Delaware Nation Industries)
The DNI family consists of tribally owned companies featuring multiple HUBZone and SBA 8(a) Certified companies operating as federally recognized prime contractors providing state-of-the-art Enterprise IT services, Cybersecurity services, Research and Development, Construction, Management, and Professional services to federal and commercial clients.
Funding
Current Stage
Late Stage