What are the responsibilities and job description for the Information System Security Manager (ISSM) III position at Bravura Information Technology Systems?
Location: Philadelphia, PA
Education/Certifications: Master’s degree (computer science, IT, or equivalent STEM field); IAM-II; CAP, CASP CE, CISM, CISSP or Associate, GSLC, CCISO, or HCISPP
Years of Experience: 8 years of managing information security programs.
Clearance Level & Investigation: Secret
Citizenship: U.S.
IA Cert Level (DoD 8570.01): IAM-II
Qualifications:
- Target Education: Master’s degree in computer science, IT, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university.
- Target Experience: Eight (8) years of experience coordinating with various levels of an organization to oversee and manage information security program implementation within the organization or other area of responsibility. Must have managed cyber security, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources.
- Minimum Certs: IAM-II, CAP, CASP CE, CISM, CISSP (or Associate), GSLC, CCISO, HCISPP
- Must be U.S. citizen and hold active or interim Secret clearance.
General Duties Include: Oversee and manage information security program implementation within the organization or other area of responsibility. Manage strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources. Acquire and manage necessary resources, including leadership support, financial resources, and key security personnel, to support IT security goals and reduce overall organizational risk.
Responsibilities:
- Provide ISSM Support Service by performing the following duties:
- Support IT security goals and objectives and reduce overall organizational risk.
- Assist with collection of data needed to meet system cybersecurity reporting.
- Communicate value of IT security throughout all levels of organizational stakeholders.
- Assist with security improvement actions during evaluation, validation, and implementation.
- Assist with cybersecurity inspections, tests, and reviews for network environment.
- Assist with identifying alternative information security strategies to address organizational security objectives.
- Assist with interpretation of patterns of noncompliance to determine impact on levels of risk and/or overall effectiveness of enterprise cybersecurity program.
- Participate in information security risk assessment during Security A&A process.
- Assist with tracking of audit findings and recommendations to ensure that appropriate mitigation actions are taken.
- Assist with identifying security requirements specific to IT systems in all phases of system life cycle.
- Assist with successful implementation and functionality of security requirements and appropriate IT policies and procedures consistent with organization’s mission and goals.
- Assist with Quality Assurance (QA) reviews for RMF package submissions IAW SOPs.
- Develop findings reports and recommend corrective actions for identified deficiencies.
- Coordinate with programs to resolve findings identified during internal and external review processes.
- Report system compliance in DON Application and Database Management System (DADMS), DoD IT Portfolio Repository – Department of the Navy (DITPR-DON), and VRAM.
- Assist with facilitating communication between all stakeholders throughout RMF process.
- Assist with monitoring systems for upcoming authorization conditions/stipulations, upcoming or past-due POA&M items, and SLCM activities.