Noblis

Information Systems Security Manager (ISSM) - U.S. Navy Programs

Noblis$95K — $149K *
Aerospace & Defense
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor of Science (BS) Degree in Computer Science, IT, Cybersecurity, or Engineering-related field
  • 5+ years of professional experience in Cybersecurity / IT
  • CompTIA Security+ certification required
  • Demonstrated experience with Risk Management Framework (RMF)
  • Experience using the eMASS system
  • Familiarity with vulnerability analysis tools like ACAS and HBSS
  • Must be a US Citizen with active DoD clearance or ability to obtain one

Responsibilities

  • Conduct risk and vulnerability assessments of information systems
  • Develop and review system RMF documentation such as Security Plans and Risk Assessment Reports
  • Provide creative solutions to complex cybersecurity problems
  • Assess compliance against NIST, DoD, and Navy security requirements
  • Coordinate with system SMEs on authorization boundary documentation
  • Collaborate with system teams to update policies and procedures
  • Produce evidence for compliance with security requirements
  • Perform annual security reviews and testing of controls
  • Stay updated on evolving security standards and apply changes
  • Attend A&A status meetings to discuss RMF system progress and issues
  • Participate in working groups for emerging cybersecurity policies
  • Utilize eMASS for formal coordination in the RMF process

Benefits

  • Long term contract opportunity
  • Work location based out of the Philadelphia Navy Yard
Full Job Description
Responsibilities

The ISSM (information Systems Security Manager) will have Risk Management Framework (RMF) experience. The candidate's primary responsibility will be to perform tasks related to Assessment & Authorization (A&A) and cybersecurity to obtain and maintain Authorizations to Operate (ATO) for U.S. Navy afloat and ashore systems. Lifecycle cybersecurity support of US Navy systems, which includes, but is not limited to the following duties:

  • Conducting risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs.
  • Developing, updating, and/or reviewing system RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports (RARs).
  • Providing solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined, and solutions require the continuation of specialized theories and knowledge.
  • Assessing system compliance against NIST, DoD, and Navy security requirements to include the NIST 800-53 controls and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs).
  • Coordinating with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories.
  • Working with system administrators, engineers, and developers to update system/site policies, procedures, and process guides.
  • Producing evidence as necessary to support compliance status of NIST, DoD, and Navy security requirements.
  • Performing annual security reviews, annual testing of security controls, and annual testing of the contingency plan in line with FISMA requirements.
  • Maintaining awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes.
  • Attending and participating in regular A&A status meetings to facilitate progress and address potential issues of RMF system efforts.
  • Actively participating in working group meetings to identify, plan, and execute strategies in response to emerging cybersecurity/RMF policies.
  • Utilizing the Enterprise Mission Assurance Support Service (eMASS) system work-flow for all formal coordination during the RMF process.
  • Reporting changes in the security posture of systems to the Authorizing Official.

Long term contract based out of the Philadelphia Navy Yard.

Required Qualifications

Bachelor of Science (BS) Degree in Computer Science, Information Technology (IT), Cybersecurity, or Engineering related field and a minimum of 5+ years of professional experience in Cybersecurity / IT.
  • CompTIA Security+ certification required.
  • Demonstrated experience with Risk Management Framework (RMF); experience within the DoD a plus.
  • Experience using the eMASS system.
  • Experience with vulnerability analysis tools such as Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS).
  • Candidate must be a US Citizen and have an active DoD clearance, or the ability to obtain one.

Desired Qualifications

- CISSP (or Associate), CASP+ CE, CCNP Security, CISA, GCED, or GCIH certification.

- Experience leading a team through a technical project.

- Proficiency in the use of Microsoft Office suite of applications.

- Basic Technical Writing ability.

#nowhiring

Posted Salary Range

USD $95,500.00 - USD $149,200.00 /Yr.

About Noblis

Noblis is an American not-for-profit science, technology, and strategy organization that provides technical and advisory services to federal government clients. Noblis works in the areas of national security, intelligence, transportation, healthcare, environmental sustainability, and enterprise transformation. Noblis was created in 1996 when Mitretek Systems Inc. was split into two separate entities. The other entity became known as Noblis ESI. Noblis has been recognized as one of the best places to work in the Washington, D.C. area by the Washington Business Journal and the Washingtonian.
Learn more about Noblis
Size
1,500 employees
Industry
Founded
1996

Similar Jobs

More Jobs at Noblis

More Aerospace & Defense Jobs

Find similar Information Systems Security Manager (ISSM) - U.S. Navy Programs jobs: