Information Systems Security Manager (ISSM)

Hybrid (Dayton, OH)

Job Overview

Title: Information Systems Security Manager (ISSM)

Location: Hybrid (Dayton, OH)

Job Type: Full Time

Description

Looking for an experienced Information Systems Security Manager (ISSM) to join a vibrant, fast-paced organization and embed with a customer’s development (DevOps) team. The ISSM will document the team’s current environment against what should be in place from a NIST SP 800-53 perspective, identify gaps to controls, generate POA&M items and recommendations, and follow up to ensure those gaps and POA&M items have been remediated as part of an assessment and authorization process (ATO). The ISSM will be responsible for managing the establishment, implementation, and continuous monitoring of the customer’s security and compliance program for the in-scope people, processes, and technology (authorization boundary).

Responsibilities

Include, but are not limited to, the following:

  • Develop control narratives, responses and evidence for DoD/Air Force ATO.
  • Develop and maintain a formal IS security program and policies for assigned areas of responsibility.
  • Provide technical and procedural Information System (IS) Security advice to DevOps Team.
  • Develop recommendations for meeting compliance requirements based on DoD ILs and RMFs.
  • Develop documentation, policies and procedures for ATO package submission.
  • Develop and oversee operational information systems security implementation policy and guidelines.
  • Collect, manage and develop artifacts to support all relevant 800-53 requirements as required for an ATO.
  • Develop artifacts such as: SSP, asset inventory, authorization boundary diagrams, data flow diagrams, and relevant policies and procedures per NIST 800-53 control and/or NIST 800-53 Family.
  • Collaborate and maintain working relationships with the customer’s DevOps and IT staff on a daily basis.
  • Aid in the development and enhancement of the ATO project plan.
  • Provide weekly and/or monthly updates to Ignyte service delivery leadership.
  • Maintain a repository of all security authorizations for IS under their purview.
  • Coordinate IS security inspections, tests, and reviews.
  • Ensure proper measures are taken when an IS incident or vulnerability is discovered.
  • Ensure development and implementation of an effective IS security education, training, and awareness program.
  • Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
  • Manage, maintain, and execute the information security continuous monitoring plan.
  • Develop concept of operations (CONOPS) for new systems.

Requirements

  • Knowledge of DevSecOps, Cloud, and report writing
  • Bachelor’s degree with a minimum of 3 years’ experience, or a Master’s degree with 2 years’ relevant experience, or an associate’s degree and a minimum of 6 years’ relevant experience as an ISSM creating ATO packages.
  • Currently possesses Security+ certification, CISSP, or an equivalent certification
  • Meets DoD 8570.1 Certification Requirements

Qualifications

Five (5) years of experience in RMF NIST SP 800-53 implementations.

Degree

Bachelor’s Degree

Equivalent Experience/Education

How to apply:

Email: apply@ignyteplatform.com (send résumé here)
