Information System Security Manager
About the Organization Now is a great time to join Redhorse Corporation. Redhorse specializes in developing and implementing creative strategies and solutions with private, state, and federal customers in the areas of cultural and environmental resources services, climate and energy change, information technology, and intelligence services. We are hiring creative, motivated, and talented people with a passion for doing what's right, what's smart, and what works.Position DescriptionRedhorse Corporation has an exciting opportunity for an Information System Security Manager (ISSM) that will be responsible for classified programs Cybersecurity/Risk Management Framework (RMF) posture in accordance with government directives and program requirements. In this dynamic position you will interface directly with the Defense Counterintelligence and Security Agency (DCSA) on overall compliance and configuration change management. The ISSM serves as the principal advisor on all matters, technical and otherwise, involving the security of systems under their purview. This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments. The ISSM will establish program control processes to ensure the mitigation of risks and is responsible for obtaining certification and accreditation of systems, be knowledgeable of Controlled Unclassified Information System requirements, and assist in the implementation of the required government policy.
Responsibilities:
- Monitor cybersecurity compliance by performing periodic self-inspections, tests, and reviews of information systems to ensure that workstations are operating as authorized/accredited
- Coordinate with program/project stakeholders, the Facility Security Officer (FSO), and other Security and IT team members to define, implement and maintain an acceptable information systems security posture
- Maintain day-to-day security posture and continuous monitoring of classified IS including security event log review and analysis
- Performs Assessment and Authorization (A&A) activities such as information system certification testing of required configuration controls and preparing/maintaining various documentation such as: Standard Operating Procedures (SOP), System Security Plan (SSP), Risk Assessment Report (RAR), Security Controls Traceability Matrix (SCTM), etc
- Manages and maintains Continuous Monitoring (ConMon)/Plan of Action and Milestones (POA&M) reports
- Responsible for security sustainment activities including (but not limited to): hardware change management, software change management, account management, media protection, user interface, file transfers, etc
- Support Certifications and Audits (ISO/IEC 27001:2013, CMMC) of company-wide, unclassified IT systems and developing System Security Plan and associated Plan of Action and Milestones
- Perform other tasks as assigned by manager/supervisor
Minimum Basic Requirements for Skills, Experience, Education and Credentials include:
- High School Diploma/GED
- Two (2) years’ experience as an ISSO or ISSM implementing DCSA requirements
- Excellent communications skills
- Demonstrated strong critical thinking and problem-solving skills
- Detail oriented and self-motivated
- Ability to effectively prioritize multiple projects
- Ability to work with people in a team environment and deal effectively with changing project priorities
- Strong customer service skills
- The training courses listed below are preferred but not required prior to hiring. However, the successful candidate will be required to complete the training within 6 months of starting. ISSM Required Training:
- Categorization of the System - CS102.16
- Selecting Security Controls - CS103.16
- Implementation of Controls - CS104.16
- Assessing Security Controls - CS105.16
- Authorizing Systems - CS106.16
- Monitoring Security Controls - CS107.16
- Continuous Monitoring - CS200.16