Job Description
55-069 Information Systems Security Manager (ISSM) I - Hanscom AFB, MA
Location: Hanscom AFB, MA
Salary: $139,078.59
Minimum Clearance Requirement: Active Top Security Clearance required (as defined in the Task Order) with eligibility for access to Special Access Programs (SAP) and willingness to submit to a Counterintelligence Polygraph.
Information Systems Security Manager (ISSM) I
Sandy Mac Evolution is seeking an experienced Information Systems Security Manager (ISSM) I to support Department of Defense Special Access Programs (SAP) at Hanscom AFB, MA. The ISSM serves as the principal advisor on all matters involving the security of information systems and is responsible for developing, implementing, and managing cybersecurity policies and procedures supporting highly sensitive DoD environments.
This position provides day-to-day support for Collateral, Sensitive Compartmented Information (SCI), and Special Access Program (SAP) activities while ensuring compliance with Risk Management Framework (RMF), JSIG, and applicable DoD cybersecurity requirements.
Mandatory Qualifications
- 5-7 years of related Information Systems Security experience
- Previous experience serving as an Information Systems Security Officer (ISSO) or Information Systems Security Manager (ISSM)
- DoD 8570.01-M IAM Level I Certification (or IAT Level II equivalent) required within six (6) months of hire
Desired Qualifications
- Previous Special Access Program (SAP) experience
Responsibilities
The selected candidate will:
- Provide oversight of Information Systems Security Program (ISSP) development, implementation, and continuous improvement
- Develop and maintain cybersecurity policies supporting SAP information systems
- Implement and manage security requirements in accordance with the Risk Management Framework (RMF) and Joint Special Access Program Implementation Guide (JSIG)
- Advise government customers on RMF assessment and authorization activities
- Perform cybersecurity risk assessments and provide recommendations to government stakeholders
- Review authorization packages and provide written recommendations for system authorization
- Develop and maintain formal Information Systems Security Program documentation
- Ensure Information Assurance Officers (IAOs), ISSOs, network administrators, and cybersecurity personnel receive required technical and security training
- Review, endorse, and recommend system assessment documentation to the Authorizing Official (AO) or Designated Authorizing Official (DAO)
- Ensure approved procedures exist for sanitization, destruction, and disposal of classified hardware and media
- Develop and execute security assessment plans validating required security controls
- Maintain repositories for authorization documentation and configuration changes
- Establish and manage Configuration Control Board (CCB) processes
- Develop incident response procedures and investigate/report cybersecurity incidents
- Ensure corrective actions are implemented for identified vulnerabilities and security incidents
- Establish data ownership, accountability, access control, and handling requirements for all authorization boundaries
- Develop and support cybersecurity education, awareness, and training programs
- Evaluate emerging threats and recommend additional safeguards when necessary
- Assess system modifications that may impact authorization status
- Ensure valid authorization decisions exist for all managed authorization boundaries
- Review Automated Information System (AIS) assessment plans
- Coordinate approvals for external information systems and interconnected networks
- Conduct periodic security posture assessments
- Ensure configuration management processes properly document security-related software, hardware, and firmware changes
- Support security testing using intrusion detection and monitoring tools alongside ISSOs
- Ensure disaster recovery and system reconstitution procedures meet operational availability requirements
- Maintain current authorization documentation for authorized personnel
- Ensure security requirements are incorporated throughout the system lifecycle
- Develop Assured File Transfer (AFT) solutions in accordance with JSIG requirements
- Participate in self-inspections and compliance reviews
- Perform ISSO duties when required
Required Experience
- 5-7 years of Information Systems Security experience
- Previous experience serving in ISSO or ISSM roles
- Experience supporting DoD cybersecurity programs and authorization processes
- Working knowledge of DoD, National, and Service cybersecurity policies, regulations, manuals, and standards
Education
- Bachelor's degree in a related field
- Equivalent experience may substitute for education (Bachelor's degree equals four years of experience)
Certifications
- Must meet DoD 8570.01-M Information Assurance Manager (IAM) Level I requirements (or Information Assurance Technician (IAT) Level II equivalent) within six months of hire
Security Clearance Requirements
- Active security clearance as required by the Task Order
- Eligibility for access to Special Access Program (SAP) information
- Willingness to successfully complete a Counterintelligence Polygraph
Additional Requirements
- Strong understanding of RMF, JSIG, and DoD cybersecurity policies
- Excellent written and verbal communication skills
- Ability to work effectively in highly classified environments
- Ability to lift up to 50 pounds on a regular basis