Information System Security Manager
Leidos is looking for an Information System Security Manager (ISSM) to support operations for a large Integrated Information & Cyber Security Services opportunity.
The ISSM is responsible for the management and technical administration of the Cyber Security Program in accordance with internal and external security requirements. The ISSM will oversee day-to-day information system security operations, resolve complex problems, and develop innovative solutions to meet changing security requirements, and will serve as the Subject Matter Expert (SME) within the Information Assurance technical domain. The ISSM must be able to work independently as well as with a team of analysts, information technology management and staff, and site management. The ideal candidate will be adaptable to diverse office situations, procedures, and demands.
Responsible for the following tasks:
- Develop and lead Information Security projects from conceptualization to full deployment and user acceptance
- Manage staff to deliver Cyber Operations, Cyber process improvements, and Cyber project execution
- Continuously monitor, analyze, and respond to Information System network and security events
- Document compliance activities in accordance with the governing authority-approved authorization package
- Develop procedures and documentation to ensure compliance with Configuration Management (CM) for security-relevant Information System (IS) software, hardware, and firmware
- Ensure systems are operated, maintained, and disposed of in accordance with the governing authority-approved authorization package and customer directives
- Evaluate proposed changes or additions to the information system and advise senior site leadership of their security relevance
- Develop and conduct cybersecurity education and training
- Mentor other engineers in cybersecurity and secure software development practices
- Participate in internal and external security audits, assessments, and inspections; participate in the risk management process; perform risk assessments and Continuous Monitoring
- Lead investigations of computer security violations and incidents, reporting as necessary to both the Facility Security and Senior Program Managers
- Ensure proper protection and/or corrective measures have been taken when an incident or vulnerability has been discovered
- Working with the Facility Security Officer (FSO), develop, implement, and manage a formal Information Security/Information Systems Security Program
- Develop, implement, and enforce Information Security Policies and Procedures
- Author, review, and update IS Authorization documentation (Body of Evidence) to support IS Assessment and Authorization activities
Required qualifications:
- Ability to acquire and maintain a U.S. Department of Energy Q clearance
- U.S. citizenship
- Bachelor's degree in an IT-related subject matter area from an accredited college or university and 5+ years of experience in an IT-related position, with at least five of those years in an operational cyber security-specific role (e.g., information system security manager, information system security officer, cyber security specialist); or 10+ years of experience in an IT-related position with at least seven of those years in an operational cyber security-specific role
- At least 3 years of IT team leadership and management experience, preferably 3 years of Cyber management experience
- Detailed understanding of the Risk Management Framework (RMF), National Institute of Standards and Technology (NIST), and Committee on National Security Systems (CNSS) cyber security requirements and guidance, and of cybersecurity-related risk management techniques
- Familiarity with network technologies (LAN & WAN) and best practices within a classified environment, including crypto and key management
- Working knowledge of Microsoft Windows operating systems (workstation & server), Linux, and system virtualization (multiple hypervisors) in a secure network environment
- Experience with compliance scanning tools and vulnerability scanning tools (e.g., Tenable)
- Must be able to work in a constantly changing regulatory environment with short-, mid- and long-term timelines for remediating any non-compliance
- Must be able to work well within a team environment and adapt quickly to change
- Excellent verbal and written communication skills
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar professional certification
Preferred qualifications:
- Past or current ISSM/ISSO experience
- Extensive experience working with external audit teams
- Periodic travel within KY and to OH
- DOE or DOD IS knowledge and experience
- Security hardening scripting/automation experience
- Microsoft OS certification (MCSE Win 7 or other)
- Linux certification (RHCSA, CompTIA Linux+, LFCS/LFCE, etc.)
- Knowledge of waterfall and agile development processes and DevOps tools such as Azure
- Cyber management-level certifications, e.g., CISM or CISSP
- IT or Cyber Security project management experience
Pay Range: $97,500.00 - $176,250.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.