Talent.com
Information Systems Security Manager

Information Systems Security Manager

North WindNewport News, VA, US
job_description.job_card.variable_days_ago
serp_jobs.job_preview.job_type
  • serp_jobs.job_card.full_time
job_description.job_card.job_description

Job Description

Job Description

Company Description

North Wind is an industry leader in the research, development and testing of hypersonic and mission critical systems. North Wind in Newport News, VA and Ronkonkoma, NY has provided independent services and solutions from engineering through manufacturing, integration, and test in support of the most complex Aerospace and Defense programs for over 50 years. We are seeking an Information Systems Security Manager to join our team. Our team is dedicated to developing innovative solutions that drive progress and advance development. Join us and be part of a dynamic, forward-thinking organization where your contributions make a real impact.

Role Description

This position is responsible to ensure all systems comply with NIST 800-171, CMMC, and various security related system controls while meeting program demands and operating in an accredited state. Establish compliance framework, work collaboratively with team and vendors in all aspects of SSP development, maintenance, accreditation / re-accreditation, and oversight, including conducting periodic reviews to ensure compliance.

Responsibilities

  • Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Capture all supporting activities and evidence needed for the various compliance frameworks. Provide guidance an input to vendor inquiries and questionaires.
  • Work with partners to perform cyber defense trend analysis and reporting on a regular basis. Working with our security partners, ensure event correlation is being done using information gathered from a variety of sources within the company to gain situational awareness and determine the effectiveness of an observed attack. Work with vendor to perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy. Facilitate vulnerability assessments and remediation activities
  • Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity. Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings). Assess adequate access controls based on principles of least privilege and need-to-know. Work with stakeholders to resolve computer security incidents and vulnerability compliance.
  • Lead Disaster Recovery and Business Continuity Plans. Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network. Ensure data protection policies are enabled and enforced.
  • Perform security reviews, develop a security risk management plan. Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change. Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks. Verify that application software / network / system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.

Preferred Education / Experience :

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems Management, Management Information Technology or related discipline
  • 7+ years of experience in cybersecurity and / or systems security; or
  • A combination of education and experience equivalent to above
  • The ability to obtain and maintain a US security clearance (U.S. citizenship is required)
  • A Certified Information Systems Security Professional (CISSP) is required.
  • CMMC Level 2 certification preferred.

    • Preferred Knowledge / Ability :

  • Solid understanding of security protocols, cryptography, authentication, authorization, identity management, and information security
  • Experience implementing NIST 800-171, CMMC, NISPOM, ICD and or ODAA Process Manual requirements
  • In-depth knowledge with the Risk Management Framework (RMF) and Security Technical Implementation Guides (STIGs)
  • Experience with NIST 800-53 Security Controls, NISPOM Technical Baseline, ICD 503, and JSIG requirements / programs
  • Motivated self- starter with the ability to work well in a team setting
  • Outstanding work ethic and commitment to organizational success
  • Excellent communication skills (written, verbal, & presentation) with a strong attention to detail
  • Experience with Windows, Windows Server, Active Directory, Group Policy, and VMWare, Cisco networking
  • Technical knowledge of Linux, and UNIX based platforms preferred
  • Ability to handle multiple tasks in a fast paced environment
  • Ability to quickly adapt and change priorities while professionally managing interruptions
  • Must be highly organized and able to meet assigned deadlines
    • serp_jobs.job_alerts.create_a_job

    Information System Security Manager • Newport News, VA, US