Information Systems Security Manager (ISSM)

Location: Hanscom Air Force Base, Massachusetts

Job Responsibilities:

• Perform oversight of the development, implementation and evaluation of information system security program policy
• Perform analysis of network security, based upon the ICD 503, DCID 6/3 Appendix E, DITSCAP, DIACAP, JSIG, and/or NISPOM Chapter 8; advise customer on IT certification and accreditation issues
• Perform risk assessments and make recommendations to customers
• Advise government program managers on security testing methodologies and processes Evaluate certification documentation and provide written recommendations for accreditation to government
• Periodically review system security to accommodate changes to policy or technology Develop and maintain a formal Information Systems Security Program
• Ensure that all IAOs, network administrators, and other AIS personnel receive the necessary technical and security training to carry out their duties
• Develop, review, endorse, and recommend action by the designated approval authority (DAA) of system certification documentation
• Ensure approved procedures are in place for clearing, purging, declassifying, and releasing system memory, media, and output
• Conduct certification tests that include verification that the features and assurances required for each protection level are functional
• Maintain a repository for all system certification/accreditation documentation and modifications Coordinate AIS security inspections, tests, and reviews
• Develop policies and procedures for responding to security incidents, and for investigating and reporting security violations and incidents
• Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system
• Ensure that data ownership and responsibilities are established for each AIS, to include accountability, access rights, and special handling requirements
• Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local AIS
• security training Ensure that security testing and evaluations are completed and documented
• Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed. Assess changes in the system, its environment, and operational needs that could affect the accreditation
• Ensure that certification is accomplished on each AIS Review
• Conduct periodic testing of the security posture of the AIS
• Ensure configuration management (CM) for security-relevant AIS software, hardware, and firmware are properly documented
• Ensure that system recovery processes are monitored to ensure that security features and procedures are properly restored
• Ensure all AIS security-related documentation is current and accessible to properly authorized individuals
• Ensure that system security requirements are addressed during all phases of the system life cycle
• Participate in self-inspections; identify security discrepancies and report security incidents
• Coordinate all technical security issues outside of area of expertise or responsibility with SSE
• Provide expert research and analysis in support of expanding programs and area of responsibility
• Perform file transfers between local systems to storage devices
• Provide leadership, mentoring, and quality assurance for Team Members

Job Requirements:

• Bachelor’s degree in Cybersecurity/Information technology or equivalent
• 8 years’ experience with Cybersecurity practices within the DoD or other Federal Agency. An additional 4 years’ experience may substitute for the degree.
• Strong knowledge of Air Force, DoD and applicable Federal Cybersecurity Directives and Instructions
• Work dynamically and effectively with people on projects (formal and informal) and conduct technical interchanges as required.
• IAT Level III (CISSP) certification required.
• Clearance required – TS/SCI