Information System Security Manager (ISSM)

Overview
We are seeking an experienced Information Systems Security Manager (ISSM) to support DHA RMED at McDonald Army Health Center (MCAHC) (Vance Airforce Base) and oversee the management of our information systems. The ideal candidate will possess a strong background in network engineering, system hardening, and vulnerability management. This role requires a strategic thinker who can implement best practices in information security and ensure the integrity and availability of our systems.

Duties

• Develop and maintain a DHA organizational or system-level cybersecurity program related to cybersecurity requirements, objectives policies, processes, and procedures.
• Ensure that information owners and stewards associated with Department of Defense (DoD) information received, processed, stored, displayed, or transmitted on each DoD Information System (IS) or Platform Information Technology (PIT) system are identified to establish accountability, access approvals, and special handling requirements.
• Maintain a repository for all organizational or system-level cybersecurity related documentation.
• Develop and implement IT policies and procedures to ensure the security and efficiency of information systems.
• Manage network infrastructure, including EIGRP, DHCP, and FTP protocols, to optimize performance.
• Oversee system hardening processes to protect against vulnerabilities and threats.
• Coordinate vulnerability management efforts, including regular assessments and remediation plans.
• Lead projects utilizing Agile methodologies to enhance system capabilities and user experience.
• Ensure compliance with frameworks such as COBIT and RMF while managing risk effectively.
• Collaborate with cross-functional teams to align technology solutions with business objectives.
• Stay informed about emerging attack frameworks and cybersecurity trends to proactively address potential risks.
• Ensure that Information Systems Security Officers (ISSO) are appointed in writing and provide oversight to ensure that they are following established cybersecurity policies and procedures.
• Develop cybersecurity self-assessment results and evidence with the assistance of necessary vendors during Information Assurance Validation Readiness Review
• Monitor compliance with cybersecurity policy, as appropriate, and review the results of such monitoring.
• Ensure that cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations.
• Act as the primary cybersecurity technical adviser to the Authorizing Official (AO).
• Report incidents to the AO and all other appropriate reporting chains.
• Work with the Program Management Office (PMO) to ensure that the correct Risk Management Framework (RMF) Process is being followed.
• Maintain documentation of Plans of Action and Milestones (POA&M).
• Develop RMF documentation as required (with the assistance of necessary vendors and stakeholders, if applicable) to ensure the information is current, accurate, and applicable to the article of test.

Qualifications

• Must be a U.S. Citizen
• Must have active Secret Level Security Clearance
• Strong analytical and problem-solving skills
• CompTIA Security
• CISSP, CISM, or similar certification
• BA/BS and 5 years of experience or an additional 4 years of experience may be considered in lieu of a degree.
• Bachelor's degree or 15 years of experience in lieu of degree
• Certified Information Systems Auditor
• CEH certification
• Technical Training in cybersecurity, Information Technology, Medical Systems, Network Design, Strategic Planning, and/or HIPAA law.
• DoD 8570 - Possesses certification in order to meet compliance with 8570 categories of CND Auditor, CND Analyst, CNDSP Manager, CND Incident Responder, CND Infrastructure Support, IASAE I or IASAE II.

Experience

• Proven experience in information systems management or a related field.
• Strong knowledge of network engineering principles and practices.
• Familiarity with attack frameworks, vulnerability management tools, and system hardening techniques.
• Experience working with EIGRP, DHCP, FTP, COBIT, RMF, and Agile methodologies is highly desirable.
• Excellent problem-solving skills and the ability to work under pressure in a fast-paced environment.
• Strong communication skills to effectively convey technical concepts to non-technical stakeholders.

Knowledge

• Knowledge of data backup and recovery.
• Knowledge of Plan of Action and Milestones (POA&M)
• Demonstrated comprehensive knowledge DOD military specifications and standards.
• Knowledge of business continuity and disaster recovery continuity of operations plans.
• Ability to plan and organize work and interact with technical and non-technical personnel translating user requirements into responsive applications.
• Demonstrated detailed knowledge of IA concepts and requirements.
• System design integration planning for multiple large-scale installations.
• Hardware and software Evaluation
• System Test and Evaluation, planning execution and/or management.
• System requirements planning and oversight.
• Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
• Knowledge of controls related to the use, processing, storage, and transmission of data.
• Knowledge of encryption algorithms.
• Knowledge of the organization's enterprise information technology (IT) goals and objectives.
• Knowledge of risk management and incident response
• Understanding of FISMA and HIPAA IA requirements.
• Services Oriented Architecture design and development.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
• Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
• Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).

We invite qualified candidates who are passionate about technology and security to apply for this pivotal role within our organization.

Agile Care offers a comprehensive benefits package, including medical, dental, vision, 401K, wellness program, paid time off (PTO), and paid holidays.

All positions at Agile Care Enterprises are subject to background investigations. Employment is contingent upon successful completion of a background investigation including criminal history and identity verification.

Pay range for this position is used as a guideline only and is not a guarantee of compensation. Additional factors will be considered including, but not limited to, level of skills, knowledge, and experience.
All your information will be kept confidential according to EEO guidelines.

Agile Care is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation, gender identity, or any other characteristic protected by law.

PLEASE BE ADVISED THAT WE DO NOT ACCEPT SOLICITATIONS FROM STAFFING AGENCIES.

Job Type: Full-time

Pay: $55.00 - $70.00 per hour

Expected hours: 40 per week

Benefits:

• 401(k)
• Dental insurance
• Employee assistance program
• Health insurance
• Life insurance
• Paid time off
• Vision insurance

Compensation Package:

• Holiday pay
• Hourly pay

Schedule:

• 8 hour shift
• Day shift
• Monday to Friday

Work Location: Hybrid remote in Enid, OK 73703

Salary : $55 - $70