Apply on Employer Site

PE Systems, Inc. · 4 hours ago

Senior Information Systems Security Manager (ISSM) - PR 1344

Hanscom AFB, MA

Full-time

Onsite

Senior Level, Lead/Staff

$175K/yr - $185K/yr

10+ years exp

PE Systems, Inc. is seeking a Senior Information Systems Security Manager (ISSM) to support the Nuclear Command, Control, and Communications (NC3) Program at Hanscom AFB, MA. The role involves overseeing the security posture of systems, developing cybersecurity architecture, and managing assessment and authorization efforts to ensure compliance with DoD policies.

Information Technology

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Be able to perform work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools

Ensure personnel performing cybersecurity activities obtain and remain current with qualification requirements as directed by DoDI 8140.02, Identification, Tracking and Reporting of Cyberspace Workforce Requirement, and outlined in DoD 8140.03-M Cyberspace Workforce Qualification and Management Program, and AFMAN 17-1303, Cybersecurity Workforce Improvement Program

Manage the system/application Assessment and Authorization (A&A) efforts, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing DoD and Department of the Air Force policies (i.e., RMF)

Develop and conduct a Continuous Monitoring plan in support of A&A activities to maintain ongoing awareness of cybersecurity, vulnerabilities, and threats to facilitate risk-based decision making

Maintain and report system assessment and authorization status and issues in accordance with DoD Component guidance

Manage and participate in meetings/teleconferences, change control boards (CCBs) and working groups (WGs) to ensure the continued alignment of cybersecurity requirements in the technical baselines, the system security architecture, information flows, design, and the security controls

Evaluate system sources such as, Deficiency Reports (DRs), Problem Reports (PRs), Change Requests/Proposals (CRs/CPs), and AF Form 1067s and provide inputs to the root cause analysis reporting and the formulation of recommended solution from alternatives; determine the security impacts of proposed or actual changes to the system, environment, threats, and vulnerabilities; and if any, document in written reports the changes/revisions to the system’s RMF artifacts

Review and provide inputs to modification packages, program/system documents and support agreements updates, and communications and network infrastructure upgrades to ensure proper cybersecurity configuration modification management; implementation of technical, managerial, operational requirements; and support requirements (e.g. planning, testing, test infrastructure, documentation, training, etc.) are identified

Perform cybersecurity inspections, tests, and reviews. Review system test plans and test results and if necessary, observe system testing for security control implementation IAW cybersecurity policies, guidance, and plan. Document findings in a report

Coordinate the cybersecurity inspections, tests, and reviews with affected parties and organizations

Perform security impact analysis on any system change and appropriately prepare letters of assurance, security impact letters, and risk assessment letters to include exceptions, deviations, or waivers to cybersecurity requirements when applicable

Continuously monitor intelligence and open-source information for vulnerabilities affecting AFNWC/NCL systems, assess risk, and provide POA&M recommendations to ISSM and PM as required

Coordinate Trusted Systems and Networks (TSN) and Supply Chain Risk Management (SCRM) evaluation of program information, software, and hardware throughout the program life cycle

Ensure that cybersecurity-related events or configuration changes that may impact systems authorization or security posture are formally reported to the AO and other affected parties, such as IOs and stewards and AOs of interconnected DoD ISs

Ensure that Information and System Owners associated with DoD information received, processed, stored, displayed, or transmitted on each system are identified to establish accountability, access approvals, and special handling requirements

Author, monitor, and record system information in applicable databases. Maintain a repository for all organizational or system-level cybersecurity-related documentation

Ensure implementation of IS security measures and procedures including reporting incidents to the appropriate reporting chains and coordinating system-level responses to unauthorized disclosures

Ensure the secure configuration and approval of IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or connection to a DoD IS or PIT system

Prepare and record system, security status, and portfolio management information into the Air Force Information Technology Investment Portfolio Suite (referred to as ITIPS) for Federal Information Security Management Act (FISMA); Security, Interoperability, Supportability, Sustainability, Usability (SISSU); Clinger Cohen Act; and other statutory compliance

Create and maintain security management plans and RMF package artifacts including but not limited to: RMF Implementation Plans, System Security Management Plans, Information Support Plans, Program Protection Plans (PPPs), Security Risk Analyses, Security Vulnerability and Countermeasure Analyses, Vulnerability Management Plans, Common Control Packages, Security Concepts of Operations, Operational Security (OPSEC) Plans, Authority-to-Connect guest system packages, and other system/network security related documents

Prepare, maintain, and submit a monthly report that captures the status of each A&A package to include an integrated schedule capable of showing high-level views of all packages and have the ability to delve in-depth into individual packages

Support and assist external teams in the evaluation of systems Cybersecurity posture to include teams performing non-regular cyber tests, war-games, cyber penetration tests, and cyber studies conducted by the NSA, DISA, Air Force Audit Agency, or other organizations

Perform Information Systems Security Management (722) and Vulnerability Assessment Analyst (541) Core/Additional Tasks and meet the KSAs as outlined in DoD Cyber Workforce Framework - DoDI 8140.01, DoDI 8140.02, and DoDM 8140.03

Initiates, supervises, and/or develops requirements from a project’s inception to conclusion for complex to extremely complex programs

Ensure ISSMs are appointed in writing and provide oversight to ensure they are following established cybersecurity policies and procedures

Qualification

Information System Security ManagerVulnerability Assessment AnalystCybersecurity ArchitectureGovernment Security ClearanceMicrosoft ProgramsRisk AssessmentContinuous MonitoringCybersecurity PoliciesProject Management

Required

MA Degree with over 10 years' of related job experience

Must have the ability to work on high-visibility or mission critical aspects of a given program and perform all functional duties independently

Must possess and maintain a government security clearance at the Top Secret-SCI level

Must be proficient in the use of Microsoft programs (including Excel, Word, Outlook)

Must be able to transport self to various facility sites, as required. If using own motor vehicle, must possess a valid driver's license and proof of insurance

Must meet the Advanced level qualification requirements for Information System Security Manager (722) or Vulnerability Assessment Analyst (541) as outlined in DoD Cyber Workforce Framework - DoDI 8140.01, DoDI 8140.02, and DoDM 8140.03