NC3 Information Systems Security Manager (ISSM), Subject Matter Expert

NC3 Information Systems Security Manager (ISSM), Subject Matter Expert

Company : Sumaria Systems LLC

Sumaria delivers leading technical, engineering, software, professional & enterprise networking solutions to U.S. Government Agencies.

Job Description :

Hit Apply below to send your application for consideration Ensure that your CV is up to date, and that you have read the job specs first.

The employee shall perform work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. Ensure system and application deliverables meet the requirements of all National, Federal, DoD, and Department of the Air Force Cybersecurity policies or as required by law.

The ISSM (SME) serves as the Information System Security Manager (ISSM Advanced) and acts as technical advisor to the Program Manager (PM) and Systems Engineer (SE), primarily responsible for maintaining the overall security posture of the systems within their organization and accountable for the implementation of Department of Defense (DoD) 8510.01.

Functions required to be performed in this specialty may include :

• Manage the system / application Assessment and Authorization (A&A) efforts, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing DoD and Department of the Air Force policies (i.e., RMF).
• Develop and conduct a Continuous Monitoring plan in support of A&A activities to maintain ongoing awareness of cybersecurity, vulnerabilities, and threats to facilitate risk-based decision making.
• Maintain and report system assessment and authorization status and issues in accordance with DoD Component guidance.
• Participate in meetings / teleconferences, change control boards (CCBs) and working groups (WGs) to ensure the continued alignment of cybersecurity requirements in the technical baselines, the system security architecture, information flows, design, and the security controls.
• Evaluate system sources of changes such as Deficiency Reports (DRs), Problem Reports (PRs), Change Requests / Proposals (CRs / CPs), and AF Form 1067s; provide inputs to the root cause analysis reporting and the formulation of recommended solutions from alternatives; determine the security impacts of proposed or actual changes to the system, environment, threats, and vulnerabilities; and document changes / revisions to the system’s RMF artifacts.
• Review and provide inputs to modification packages, program / system documents and support agreements updates, and communications and network infrastructure upgrades to ensure proper cybersecurity configuration modification management.
• Review system test plans and test results and if necessary, observe system testing for security control implementation IAW cybersecurity policies, guidance, and plan. Document findings in a report.
• Perform security impact analysis on any system change and prepare letters of assurance, security impact letters, and risk assessment letters to include exceptions, deviations, or waivers to cybersecurity requirements when applicable.
• Continuously monitor intelligence and open-source information for vulnerabilities affecting AFNWC / NCL systems, assess risk, and provide POA&M recommendations to ISSM and PM as required.
• Act as the primary cybersecurity technical advisor to Program Management and System Engineers for systems under their purview.
• Coordinate Trusted Systems and Networks (TSN) and Supply Chain Risk Management (SCRM) evaluation of program information, software, and hardware throughout the program life cycle.
• Ensure that cybersecurity-related events or configuration changes that may impact systems authorization or security posture are formally reported to the AO and other affected parties.
• Ensure that cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations.
• Perform cybersecurity inspections, tests, and reviews.
• Ensure ISSMs are appointed in writing and provide oversight to ensure they are following established cybersecurity policies and procedures.
• Ensure that Information and System Owners associated with DoD information are identified to establish accountability, access approvals, and special handling requirements.
• Maintain a repository for all organizational or system-level cybersecurity-related documentation.
• Ensure implementation of IS security measures and procedures including reporting incidents to the appropriate reporting chains.
• Ensure handling of possible or actual data spills of classified information are conducted in accordance with DoD 5200.01, Volume 3.
• Ensure the secure configuration and approval of IT below the system level in accordance with applicable guidance prior to acceptance into or connection to a DoD IS or PIT system.
• Author, monitor, and record system information in applicable databases.
• Prepare, maintain, and submit a monthly report that captures the status of each A&A package.
• Support and assist external teams in the evaluation of systems Cybersecurity posture.
• Support the development, coordination, and implementation of cybersecurity-related special projects and taskers.
• For each system, maintain a current software bill of materials that contains the elements identified in the National Telecommunications and Information Administration publication.
• Shall meet the Advanced level qualification requirements for Information System Security Manager (722) or Vulnerability Assessment Analyst (541) as outlined in DoD Cyber Workforce Framework.
• Perform Information Systems Security Management (722) and Vulnerability Assessment Analyst (541) Core / Additional Tasks.

Minimum Education / Experience Requirements :

Candidate must meet the Advanced qualification requirements and maintain qualification per the maintenance requirements as defined in DoDM 8140.03.

Travel : Yes

Security Clearance Required : TOP SECRET / SCI

Position Type : Full Time

Work Location : Hanscom AFB, MA

Salary Range : $155,000 – 180,000

Top salaries paid for qualified candidates.

Agency submissions are not being accepted at this time.

For more information on Sumaria Systems, please visit our website at www.sumaria.com.

Sumaria is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, or protected veteran status.

J-18808-Ljbffr

Salary : $155,000 - $180,000