The Information Systems Security Manager manages a team of professionals in the design, development, implementation and operation of security programs across the enterprise. This person will oversee information systems securityengineering and operations activities, including daily oversight of ISSO and ISSE efforts in the continuous monitoring of authorized systems, including device and system hardening, anomalous activity detection and response, security management applications, review of security documentation, and project engineering. Specific duties will include providing technical direction and oversight to infrastructure ISSOs performing:
- Vulnerability scanning and remediation
- SIEM, & Firewall configuration, deployment, and maintenance
- Assessment & Authorization
- Deployment, implementation and strategy of tools and related NetworkSecurity Management Systems
- Works with a Program Manager (SCRUM) to provide regular status reporting of security team projects to senior management and customers
- Responsible for process definition and assurance for networksecurity functions, ensuring configuration documents for deployed security solutions remain current and complete
- Regularly attends conferences and seminars to represent program security interests and keep program abreast of current technologies
- Responsible for senior level incident investigation
- BS/BA degree in Information Security, Computer Science or a related field
- MS in Information Security, Computer Science or a related field plus 10 years of experience
- A minimum of 7 totalyears relatedexperience, with specificexperiencein the following targeted areas:
- Experience with security control implementation per NIST 800-53, JSIG, CNSSI 1253, and/or ISFO Manual
- Configuration management & change control
- Vulnerability assessment and remediation
- POA&M creation & management
- Operating system & network device hardening
- SIEM tool configuration and management
- IS Security documentation creation & proofreading
- Secure network design,
- Incident remediation & response management
- IS Security project management.
- CISSP certification.
- Minimum of 8years managing a team of IS Security professionals responsible for continuously monitoring highly secure systems.
- Minimum of 8years leading IT & IS Security project teams in moving established security & IT processes to RMF-compliant processes.
Preferred Additional Skills:
- CISA or SANS GIAC security certifications strongly desired.
- DCID 6/3, JAFAN 6/3, NISPOM Ch8, or DIACAP Certification and Accreditation experience.
- ITIL v3.0 Foundation certification.
- Ability to lead a team and provide career leadership direction to team members desired.
- Experience in leading networksecurity projects in the Government sector is strongly desired.
- Ability to make decisions quickly as well as demonstrating sound judgment in balancing risk with business needs to offer customers and management optimal security solutions.
- Flexibility to adjust to changing requirements, schedules and priorities.
- Ability to socialize ideas, make recommendations and gather team consensus to move forward.
- Must have exceptional verbal, written, interpersonal, and presentation skills as well as strong ability to lead and mentor teammates.
- Current Top Secret Security Clearance with SCI access.