Information Systems Security Manager (ISSM)
1 Federal St, Camden, NJ 08103 US
Job Description
Corporate Security has an opportunity for an Information Systems Security Manager to support multiple corporate initiatives, including but not limited to the SAP Secure Collaborative Network, Microsoft O365/Azure Data Loss Prevention/Data Loss Detection efforts, the Emergency Notification System, and other classified systems as required.
In this position, you will:
- Perform duties as subject matter expert to address requirements listed in the Joint Special Access Program (SAP) Implementation Guide (JSIG), and provide support as required to address the requirements listed in the National Industrial Security Program Operating Manual (NISPOM), Intelligence Community Directives (ICD), and DSS NISP Authorization Office DSS Assessment and Authorization Process Manual (DAAPM).
- Develop and review System Security Plans (SSP), all required supporting documentation (POA&M, NSP, etc.), and local policies in accordance with the JSIG, and provide support as required for the NISPOM, ICD, and NAO DAAPM.
- Schedule, perform and maintain records of required information security auditing, patching, maintenance, software/hardware changes, and scanning based on evolving threat/vulnerabilities and customer compliance requirements.
- Build, configure and maintain systems in compliance with DoD cyber security requirements.
- Perform periodic self-inspections, tests and reviews of the Information Security program to ensure that systems are operating as authorized/accredited and implement corrective actions for any identified findings and vulnerabilities.
- Operate, maintain, and dispose of systems in accordance with security policies and procedures.
- Develop and conduct test procedures for verification of Risk Management Framework (RMF) controls to meet customer requirements.
- Remain current on information assurance regulations and contract security requirements.
- Coordinate with Facility Security Officers (FSO) and Special Program Security Officers (PSO) to define, implement and maintain information security policies, strategies, and procedures.
- Create and conduct IS Security briefings.
- Ability to travel to offsite locations as required.
Qualifications
Ten (10) years of work experience with at least five (5) years in two of the domains below; or four (4) years of work experience, plus an information security degree/certificate, in two or more of the following eight CISSP domains:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
Other qualifications that will enable you to perform successfully in this position include:
- Three years of experience implementing NISPOM, ICD and/or ODAA Process Manual requirements.
- Active US DoD Top Secret security clearance or SSBI with polygraph. Ability to obtain additional clearances as required.
- DoD 8570.01-M IAM III certified credentials (if not CISSP, must become CISSP certified within 6 months of hire date).
- In-depth knowledge of the Risk Management Framework (RMF) and Security Technical Implementation Guides (STIGs).
- Experience with NIST 800-53 Security Controls, NISPOM Technical Baseline, ICD 503, and JSIG requirements/programs.
- Excellent people skills, with experience leading and collaborating in a dynamic team environment.
- Outstanding work ethic and commitment to organizational success
- Excellent communication skills (written, verbal, & presentation)
- Excellent attention to detail
- Proficient with Microsoft Office products
- A Certified Information Systems Security Professional (CISSP) is preferred
- Experience with Windows 7/10, Windows Server 2008/2012/2016, Active Directory, Group Policy, and VMware desired
- Technical knowledge of Linux and UNIX-based platforms preferred