Information System Security Manager (ISSM)

Job Description

ECS is seeking an Information System Security Manager (ISSM) to work in our Arlington, VA office.

ECS is seeking an experienced and highly motivated Information System Security Manager (ISSM) to support a team responsible for ensuring cybersecurity for an SIPR production network within the DoD community.

This role will oversee and ensure security compliance with Department of Defense policy of ECS Federal networks. The ISSM will work closely with the Defense Contractor Security Agency (DCSA) and the Defense Information Security Agency (DISA) to ensure the IS stays in compliance with applicable policies and oversight.

The ISSM will lead the preparations and interactions with the government for system security assessments and ensure the IS maintains its Authority to Operate (ATO). The ISSM will manage the implementation of security policies, conduct risk assessments, manage security controls, and Plan of Actions and Milestones (POAM). The ISSM is expected to advise senior management on cybersecurity issues, communicate security risks, and collaborate with technical teams and other stakeholders. The successful candidate is able to multitask; assume ownership and accountability of risks, issues, and tasks; and successfully manage and resolve those risks, issues, and tasks to completion. The successful candidate is also able to work well in a team-oriented environment; self-manage his/her own tasks; and provide hands-on guidance, direction, and mentoring to the technical team. Finally, the successful candidate is extremely well-organized, well written, has a keen eye for detail, and can clearly articulate information (both orally and in writing) to customers, stakeholders, peers, and leadership within and external to the Program and organization.

Responsibilities:

• Implement and manage secure network architectures, customer information security (IS) requirements, operational concepts, and security authorization plans and procedures for assigned programs in compliance with the National Institute of Standards and Technology (NIST) Special Publication 800-53, the NIST Risk Management Framework SP 800-37 and CNSS Instructions - Committee on National Security Systems, the National Industrial Security Program Operating Manual (NISPOM), and the Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM).
• Apply technical expertise and have full knowledge of related disciplines by implementing technical solutions across various platforms.
• Prepare and maintain security Assessment and Authorization (A&A) documentation (e.g., IA SOP, SSP, RAR, SCTM); participate in system categorization; Active experience with the Enterprise Mission Assurance Support Service (eMASS).
• Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate.
• Provide cybersecurity oversight, guidance, and training to all general and privileged users.
• Perform tasks related to the orchestration and compliance of Continuous Monitoring Plans (e.g., audit log review, security patching, software, and hardware configuration management).
• Perform system auditing, vulnerability risk assessments, Assured File Transfers, data integrity containments and investigations on IA related security violations/incidents.
• Conduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure all security features applied to a system are implemented and functional.
• Advise appropriate senior leadership or Authorizing Official of changes affecting the IS's cybersecurity posture.
• Perform cybersecurity inspections, tests, and reviews are coordinated for the network environment.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Ensure that Plans of Actions and Milestones (POAM) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

*This is a hybrid role and requires at least 3 on-site days in office.

Required Skills

• Active DoD Top Secret clearance with the ability to obtain a TS/SCI
• A Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, or similar field
• 5+ years of experience in information technology, cybersecurity, and security assessments providing leadership, guidance, and oversight of Security concepts, performing security risk assessments and security architecture reviews, assessing architecture, software design, networking, virtualization, and cloud-based technologies / infrastructure
• Hold current DOD 8570 IAM Level 3 baseline certification(s) (CISSP, CISA, etc.)
• Demonstrate and articulate expert knowledge, understanding, and hands-on experience with: DoD Information Technology best practices, DoD Cybersecurity best practices, DODI 8500.1, DODI 8500.2, and other information assurance (IA) guidance, Windows domain and Linux systems architectures, security / validation testing tools to include vulnerability scanners (Retina, Nessus), DISA STIGs, and DISA checklists
• Solid experience in leading technical teams
• Customer-service focused at all times and career/growth-oriented
• Strong written and verbal communication skills for reporting and coordinating with different levels of an organization
• Team oriented personality

Desired Skills

• Securing a public cloud environment (AWS, Google Cloud Platform or Azure)
• Building software utilizing public cloud (AWS, Google Cloud Platform or Azure)
• Utilizing Agile methodologies
• Software Security Architecture
• Application Security - Nutanix
• Threat Modeling
• Penetration Testing, Certified Ethical Hacking (CEH), or Vulnerability Management
• Trellix Endpoint Security
• Continuous monitoring experience
• Offensive or Defensive Security techniques
• Artificial intelligence and machine learning systems

#ECS1

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3300+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.