OverviewAmyx is seeking to hire a Information Systems Security Manager-Advanced to support our Cybersecurity Division in the NCE Springfield, VA area. Responsible for the cybersecurity of a program, organization, system, or enclave.
Responsibilities- Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
- Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program.
- Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture.
- Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
- Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
- Collect and maintain data needed to meet system cybersecurity reporting.
- Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
- Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
- Ensure that security improvement actions are evaluated, validated, and implemented as required.
- Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
- Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
- Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.
- Establish overall enterprise information security architecture (EISA) with the organization's overall security strategy.
- Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
- Evaluate cost/benefit, economic, and risk analysis in decision-making process.
- Identify alternative information security strategies to address organizational security objective.
- Identify information technology (IT) security program implications of new technologies or technology upgrades.
- Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.
- Interpret and/or approve security requirements relative to the capabilities of new information technologies.
- Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
- Lead and align information technology (IT) security priorities with the security strategy.
- Lead and oversee information security budget, staffing, and contracting.
- Manage the monitoring of information security data sources to maintain organizational situational awareness.
- Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports,
- Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection.
- Oversee the information security training and awareness program.
- Participate in an information security risk assessment during the Security Assessment and Authorization process.
- Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
- Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
- Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
- Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
- Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
- Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters.
- Recognize a possible security violation and take appropriate action to report the incident, as required.
- Recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements.
- Recommend policy and coordinate review and approval.
- Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
- Track audit findings and recommendations to ensure that appropriate mitigation actions are taken. Use federal and organization-specific published documents to manage operations of their computing environment system(s).
- Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
- Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
- Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
- Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
- Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
- Participate in the acquisition process as necessary, following appropriate supply chain risk management practices.
- Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
- Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
- Forecast ongoing service demands and ensure that security assumptions are reviewed as necessary.
- Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.
Microsoft Office Suites; SharePoint; Nessus, Xacta, ServiceNow, Archer, Assessment Tools
QualificationsRequired:
- Bachelor degree or higher from an accredited college or university (Recommend an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.)
- Clearance: TS/SCI
- DoD 8140 Certification: CISSP-ISSMP or GSLC
- Skill in creating policies that reflect system security objectives.
- Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
- Skill in evaluating the trustworthiness of the supplier and/or product. Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
- Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).
- Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
Benefits include:
- Medical, Dental, and Vision Plans (PPO & HSA options available)
- Flexible Spending Accounts (Health Care & Dependent Care FSA)
- Health Savings Account (HSA)
- 401(k) with matching contributions
- Roth
- Qualified Transportation Expense with matching contributions
- Short Term Disability
- Long Term Disability
- Life and Accidental Death & Dismemberment
- Basic & Voluntary Life Insurance
- Wellness Program
- PTO
- 11 Holidays
- Professional Development Reimbursement
Physical DemandsEmployee needs to be able to sit at a workstation for extended periods; use hand(s) to handle or feel objects, tools, or controls; reach with hands and arms; talk and hear. Most positions require ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and providing recommendations, summaries and/or reports in written format. Must be able to effectively communicate with others verbally and in writing. Employee may be required to occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Regular and predictable attendance is essential.
