Information System Security Manager

Harris

Rochester, NY

Industry: Aerospace & Defense

5 - 7 years

Posted 41 days ago

Harris Corporation is a leading technology innovator, solving customers' toughest mission-critical challenges by providing solutions that connect, inform and protect. Harris supports government and commercial customers in more than 100 countries and has approximately $6 billion in annual revenue. The company is organized into three business segments: Communication Systems, Space and Intelligence Systems and Electronic Systems. Learn more at harris.com

Job Description:

The Information Systems Security Manager (ISSM) is responsible for maintaining and enforcing all Information System Security policies, standards, and directives to ensure accreditation and certification of information systems processing U.S. government classified information. The position requires in-depth working knowledge of and experience with multiple government directives, i.e. NISPOM Chapter 8, National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), and comparable industry standards.

Job responsibilities include:

  • Establishes, documents, implements, and monitors the Information System (IS) Security Program and related procedures for the facility and ensures facility compliance with requirements for classified IS.
  • Authors and maintains documentation supporting the Assessment & Authorization (A&A) of assigned systems in accordance with the Risk Management Framework (RMF) pursuant to JSIG and NISPOM requirements; performs and ensures security control assessments as part of the systems' Continuous Monitoring Plans.
  • Oversees configuration management of assigned systems; works and collaborates with IT organization to develop device and system hardening guides following DISA and NIST guidelines; audits systems to ensure maintenance of security posture integrity.
  • Conducts periodic hardware/software inventory assessments as stipulated/required by governing directives.
  • Identifies system security controls shortcomings and develops POA&Ms.
  • Serves as lead for remediating control deficiencies.
  • Conducts, documents and reports annual self-assessments.
  • Maintains operational information security posture for a system, program, or enclave; investigates security incidents such as data spills, data integrity and malicious events; authors and delivers security education training to range of audience levels.
  • Supervisory responsibilities for assigned Information System Security Officers (ISSOs).
  • Ensures the development, maintenance and compliance to facility procedures governing:
      • Marking, handling, control, removal, transport, sanitization, re-use, and destruction of media and equipment containing or exposed to classified information.
      • Proper implementation of vendor supplied authentication features or security-relevant features.
      • Reporting of IS security incidents to DSS and ensuring proper protection and/or corrective measures taken when an incident/vulnerability has been discovered.
      • Requirements for IS user familiarity, training and acknowledgment of responsibility for the security of relative systems.
      • Implementation of security features for detection of malicious code, viruses, and intruders (hackers), as appropriate.

Qualifications:

  • Bachelor's degree from an accredited college in a related discipline with 9 years classified IS security experience
  • Current DoD Secret security clearance
  • 6+ years' experience as an ISSO overseeing or managing cybersecurity on classified systems under JSIG, NISPOM Ch8, ICD 503, and/or NIST 800-53
  • 6+ years' experience developing, managing, providing evidence to close POA&Ms associated with the A&A and project management processes
  • 6+ years' experience with Cisco equipment and Microsoft operating systems
  • 6+ years' experience interpreting vulnerability scanning results (preferably Nessus or Tenable Security Center)
  • 6+ years' experience reviewing workstation, server, firewall, & IPS logs

Preferred Additional Skills:

  • CISSP, CISM, or GSLC certification (DoDI 8570.01 IAM III)
  • Previous experience with DSS C&A process
  • Exceptional verbal, written, interpersonal and presentation skills, customer relationship building skills, analytical skills and ability to lead/mentor teammates
  • Experience with Linux is a plus
  • Flexibility to adjust to changing requirements, schedules, and priorities
  • High level of personal motivation and initiative to learn and acquire new skills
  • Able to work individually as well as part of a team
  • Excellent time management skills
  • Experience leading ISSOs and small teams