What are the responsibilities and job description for the Information Security Manager position at ASSYST, Inc.?
ASSYST is seeking an Information Security Manager to support a Federal Project in DC.
The candidate must hold a Q, TS or SSBI clearance completed within the past 5 years.
This position is contingent upon the contract award.
Requirements:
Education: Bachelor's degree from an accredited university or college in Information Technology with an emphasis in Cybersecurity or Information Assurance or similar degree.
Certifications: GIAC Information Security Professional (GISP), ISC2 Certified Information Systems Security Professional (CISSP) or equivalent
Experience:
- Individual must demonstrate a minimum of five (5) years of experience in planning, coordinating, and implementing security measures to protect the confidentiality, integrity, and availability of information systems and their data.
- Individual must also have a minimum of two (2) years supervising experience in a cyber/IT security role.
- Individual must demonstrate proficiency in developing, monitoring and conducting testing of cybersecurity plans and controls using government-approved tools and methods.
- The individual will document test results, develop and recommend corrective actions, and develop and document residual risk and risk assessment statements. Individual must have a thorough understanding of cyber policies/practices to include National Institute of Standards and Technology Special Publications.
- Individual requires extensive knowledge of security assessment and authorization (SA&A) policy, procedures, and processes, including, but not limited to, NIST 800-37, 800-53, CNSSI and other Federal requirements.
- This individual must demonstrate proficiency in developing and revising Security Policies (for example, Privacy Plan, Configuration Management Plan, etc.).
- This individual must also be able to create baseline documentation and develop and review policies for .
- This individual must be knowledgeable in Incident Response practices, vulnerability management, Plan of Action and Milestone management, Zero Trust Architecture, cloud requirements and assessments, Continuous Diagnostics Mitigations/Continuous Monitoring, etc.