Information Systems Security Manager (ISSM)

Full Time


    Systems, Security, IT, Risk Management, CISSP, Windows, Linux

    Job Description

    Solidus is searching for ISSMs (Information Systems Security Managers) to join a team of cybersecurity professionals who are driven to solve complex security problems in collaboration with research teams.

    Core responsibilities include:
    - Prepare for the organization's Cybersecurity Maturity Model Certification (CMMC) and oversee the implementation of its requirements
    - Assist system stakeholders with the translation of CMMC requirements into technical controls at the system level
    - Assist in the development of technical implementation strategies
    - Perform periodic assessments against NIST SP 800-171 and CMMC requirements, including security architecture gap analysis; assist in the development of technical implementation strategies and mitigations

    - Continuously validate the organization against cybersecurity policies/guidelines/procedures/regulations/laws to ensure compliance
    - Assist and support risk and compliance activities
    - Maintain system security plan documentation and plans of action and milestones (POA&M)
    - Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals
    - Conduct security impact analysis for risk exception and waiver requests
    - Assist in the development of policies, processes, procedures and documentation that reflect system security objectives in accordance with applicable laws, statutes, and other regulatory requirements.
    - Ensure systems are operated, maintained, and disposed of in accordance with organization security policies and procedures.

    - US Citizen and the ability to obtain and maintain a Secret Clearance
    - Minimum of a BS in a technical discipline plus 6 years of experience or a MS and a minimum of 4 years of experience.
    (Please note that technical experience, skills, and course work completed towards a degree, or industry IT certifications may be considered in lieu of education)

    Required skills:
    - Risk Management and Assessment
    Knowledge and ability to apply government regulation (FAR, DFARS)
    Knowledge of information security standards and frameworks such as NIST SP 800-171, NIST SP 800-53, NIST SP 800-37
    Familiarity with the DoD's Cybersecurity Maturity Model Certification (CMMC)
    Knowledge of risk assessment methodology, NIST SP 800-30, FAIR, and OCTAVE
    Experience developing and maintaining SSPs and associated artifacts, POA&M, Risk Assessment Report, and Continuous Monitoring Strategy
    - Valued Competencies
    Experience as a system administrator, system architect or similar position
    Certified CMMC Professional (CCP) certification
    Other certifications such as Security+, CISSP, CISA, CISM
    - Technical Competencies
    Experience and familiarity with multiple operating systems including Windows Server, Windows 10, Red Hat Enterprise Linux, Ubuntu, Mac, ESXi, VMware, etc.
    Experience and familiarity with networking concepts, technologies, solutions, and secure design principles
    Familiarity and knowledge of enterprise security tools, such as vulnerability scanners, log aggregators, and endpoint protections
    Understanding of cloud technology and cloud security practices
    Scripting experience a plus (shell, PowerShell, Python, etc.)
    Familiarity with DevSecOps, code development practices, and code analysis

    Req: 4638

    Applicants selected must meet eligibility requirements for access to classified information. U.S. Citizenship may be required. Solidus is an Equal Opportunity Employer and participates in E-Verify. NOTICE OF AFFIRMATIVE ACTION PLAN FOR INDIVIDUALS WITH DISABILITIES, DISABLED VETERANS AND OTHER PROTECTED VETERANS. It is the policy of this Company to seek and employ qualified individuals at all locations and facilities, and to provide equal employment opportunities for all applicants and employees in recruiting, hiring, placement, training, compensation, insurance, benefits, promotion, transfer, and termination. To achieve this, we are dedicated to taking affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, and other protected veterans. The objective in adopting the Affirmative Action Programs is to place qualified individuals with disabilities, disabled veterans and other protected veterans in all job classifications. These Affirmative Action Programs are available for inspection by any applicant or employee by contacting the Company's EEO Coordinator, in the Human Resources office, Monday through Friday, 8am to 5pm.

    Please Note: Solidus does not accept applications from agencies, 3rd party vendors, or applications with incomplete information.