Information System Security Manager jobs in United States

Westinghouse Electric Company · 2 days ago

Information System Security Manager

Westinghouse Electric Company is a leader in the global nuclear energy industry, dedicated to providing clean energy solutions. The Information System Security Manager will provide cybersecurity oversight of protected information systems and ensure compliance with federal cybersecurity standards and corporate policies.

Electrical Distribution · Energy · Nuclear
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Be the designated Information Systems Security Manager (ISSM) responsible for overseeing the security, accreditation, and compliance of all WGS protected information systems processing Classified or Controlled Unclassified Information (CUI)
Establish and improve WGS's Information System Security Program, ensuring alignment with federal cybersecurity standards, corporate policies, and contractual requirements
Be the Responsible System Owner (RSO) for protected systems and maintain accountability for their security posture throughout their lifecycle
Develop, document, and maintain Risk Management Framework (RMF) and Assessment & Authorization (A&A) documentation
Certify in writing to the Cognizant Security Agency (CSA) that we implement the System Security Plan (SSP). Additionally, certify that required controls are in place and tested, and that systems continue to operate as authorized
Ensure compliance with all applicable cybersecurity requirements
Conduct or oversee self-inspections and audits on WGS protected systems at least annually; document, track, and resolve corrective actions
Collaborate with the IT Department, External Service Provider (ESP), and Managed Service Provider (MSP) to provide cybersecurity governance and guidance. This ensures that technical operations align with approved configurations, security baselines, and accreditation requirements
Review and assess configuration changes and vulnerabilities with input from IT and network providers to determine security impact and obtain required approvals (FSO, IT, ESP) prior to implementation
Maintain the Security Controls Traceability Matrix (SCTM) to document implementation of applicable NIST 800-53 and 800-171 controls
Integrate Insider Threat awareness and reporting requirements into the WGS information system security program with the Insider Threat Senior Program Official
Ensure that we provide all authorized users with security training and briefings prior to system access and that we maintain and validate user access lists regularly
Maintain daily awareness and monitoring of information systems through security event log reviews, vulnerability analysis, and audit trail inspections
Collaborate with the Corporate Facility Security Officer (FSO), Program Management, IT department and ESP to address incidents, reportable events, and non-compliance findings, ensuring reporting to appropriate authorities
Investigate and report security violations and incidents, coordinating with corporate security and government customers
Maintain working relationships with Program Management, corporate partners, government customers, and subcontractors to ensure security governance and communication
Respond to emergency situations and alarms to support operational continuity and security response
Maintain IAM Level III certification (CISM, CISSP or Associate, GSLC, or CCISO) under DoD 8570 baseline requirements
Perform other duties as assigned, in alignment with role qualifications, security needs, and operational requirements

Qualification

Information Systems Security · Risk Management Framework · Cybersecurity Compliance · Vulnerability Scans · Security Certifications · Teamwork · Communication · Problem Solving

Required

Bachelor's degree in a related field, or four years of equivalent experience in addition to the experience outlined below
Five or more years of experience are required. This experience may be a combination of industry and U.S. military experience. It should include experience as an ISSM implementing various standards, such as 32 CFR 117, JAFAN 6/3, DCID 6/3, ICD 503, and/or JSIG IS requirements
Familiarity with vulnerability scans, ODAA Baseline Standard Requirements, and the Risk Management Framework (RMF)
U.S. Citizenship and the ability to maintain national security eligibility required
Maintain IAM Level III certification (CISM, CISSP or Associate, GSLC, or CCISO) under DoD 8570 baseline requirements

Preferred

One of the following certifications: CISM, CISSP (or Associate), GSLC, or CCISO (DoD 8570)

Benefits

Comprehensive medical benefits, which could include medical, dental, vision, and prescription coverage and a Health Savings Account (HSA) with employer contribution options
Wellness Programs designed to support employees in maintaining their health and well-being including Employee Assistance Program providing support for our employees and their household members
401(k) with Company Match Contributions to support employees' retirement
Paid Vacations and Company Holidays
Opportunities for Flexible Work Arrangements to promote work-life balance
Educational Reimbursement and Comprehensive Career Programs to help employees grow in their careers
Global Recognition and Service Programs to celebrate employee accomplishments and service
Employee Referral Program

Company

Westinghouse Electric Company

Westinghouse Electric Company provides innovative and secure nuclear technology solutions.

Funding

Current Stage: Late Stage
Total Funding: $1.62B
Key Investors: US Department of Energy, Export Development Canada, UK Government
2025-12-08 · Grant
2024-12-09 · Debt Financing · $1.45B
2023-07-27 · Grant · $13.43M

Leadership Team

Dan Sumner
Interim Chief Executive Officer
Margaret Cosentino
Executive Vice President, Corporate Affairs
Company data provided by crunchbase