Information System Security Manager

Overview:

SCCI is currently seeking a Information System Security Manager (ISSM) to join our team! This position is the process owner for the development and implementation of an information security program and supporting ongoing corporate activities to preserve the availability, integrity and confidentiality of information resources in compliance with applicable security policies and standards. This is a hybrid position located in the greater Dahlgren, VA metropolitan area.

SCCI offers a comprehensive and competitive benefits package including Health, Dental, Vision, Life and Disability benefits, 401k with Company Match, time off consisting of 2 weeks of paid vacation, 48 hours of sick/personal leave, and 11 paid Holidays.

Responsibilities:

• Support organizational efforts in maintaining compliance with Federal regulations
• Develop and maintain an Information Systems (IS) Security Program
• Analyze, develop, approve and issue the IS Security Policy for classified and unclassified systems
• Review bulletins and advisories that impact the security posture of IS under your purview
• Perform periodic vulnerability testing using approved tools to evaluate the security posture of the IS
• Ensure all IS users receive the necessary Information Assurance (IA) and Security Training
• Develop and maintain all IS certification / accreditation documentation in accordance with mandated policies
• Coordinate all external IS audits and reviews
• Manage implementation of anti-virus, host based security systems, and system and software patches as required on a continual basis and update POA&M as required
• Review system(s) security posture and audit logs periodically to ensure compliance with a Assessment and Authorization (A&A) documentation package
• Develop procedures for responding to security incidents and investigating and reporting security violations and incidents as appropriate
• Assist the Director of Information Technology in team development and executing organizational training for all personnel on IT and COMSEC equipment
• Develop and implement change management policy and procedures for authorizing use of hardware / software on an IS
• Ensure systems and data are protected, operated, maintained, and disposed of in accordance with security policies and practices as outlined in the certification and accreditation document package
• Participate in annual budget creation and execution
• Monitor and evaluate the effectiveness of the IS security procedures and safeguards to ensure they provide the intended level of protection
• Advise the Designated Accrediting Authority (DAA) of changes affecting the system’s IA posture

Essential Skills and Experience:

• Must be a U.S. Citizen and have an Active Top Secret Security Clearance
• Bachelor of Science (BS) Degree in Computer Science, Information Technology, or equivalent degree; or equivalent years of experience in a networking environment
• Three (3) - Five (5) years managing Information Systems
• Must possess a DoDD 8140, IAM 3 certification: CISSP, CISM, or GSLC
• Experience with eMASS; Creation of IS packages and maintaining artifacts
• Knowledge of RMF Continuous Monitoring processes and RMF policy creation/maintenance
• Ability to multi-task and work effectively under pressure
• Effective communication skills both verbal and written
• Strong analytical skills and ability to assist other team members in problem solving
• Strong team player, able to work in a fast-paced, rapidly changing environment
• Experience configuring VMware products
• Experience optimizing Public Key Infrastructure (PKI)

Preferred Skills and Experience:

• Knowledge of the Cybersecurity Maturity Model Certification (CMMC) (version 2.0) and DFARS 252.204-7012
• Experience with Microsoft Azure, Sentinel and Office 365 administration
• Experience with SCAP scanning, knowledge of STIGS and STIG Viewer, and POA&M development and maintenance
• Knowledge of ACAS and HBSS, general knowledge of Symantec, McAfee/Trellix, or any approved AV software and the process for updating the virus definitions on systems that are not connected to the internet
• Knowledge of NISPOM 32 CR 117 Final rule and the DoD series of published regulations, including for Derivative Classification and CUI and including 800-53 (Accredited systems) and 800-171 (CUI systems)
• Knowledge and experience with the DCSA Self Inspection process and the DAAPM v2.2
• SAN administration
• Information Technology Infrastructure Library (ITIL) v3
• Microsoft Certified Professional (MCP), Microsoft Certified Solutions Associate (MCSA), Microsoft Certified Solutions Expert (MCSE) certifications, CompTIA Linux

SCCI is committed to providing a comprehensive and competitive benefits package to meet the needs of employees and their families. EOE Minorities, Females, Veterans, Disability.