Information Systems Security Manager - Washington, United States - Lawelawe Management Group LLC


    Upper Management / Consulting
    Description
    The Information Systems Security Manager (ISSM) will be responsible for leading a team to execute risk management efforts across the CAO's inventory of on-premises, vendor-hosted, and cloud-based systems.

    Key Responsibilities:
    • Manage Information System Security Officers (ISSO) to support information technology (IT) security goals and objectives and reduce overall organizational risk.
    • Assist in the execution and management of the Risk Management Framework (RMF) and advise ISSOs on proper application of cybersecurity policies and requirements.
    • Assist senior management in the development and interpretation of information assurance guidelines, policies, regulations etc.
    • Advise senior management (e.g., Chief Information Security Officer [CISO]) on risk levels and security posture.
    • Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
    • Conduct independent or coordinated studies to identify, evaluate or recommend solutions to significant systems management problems that are likely to be complex and sensitive in nature.
    • Ensure that security improvement actions are evaluated, validated, and implemented as required.
    • Identify alternative information security strategies to address organizational security objectives.
    • Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
    • Participate in information security risk assessments during the Security Assessment and Authorization process.
    • Ensure that plans of action and milestones (POA&Ms) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
    • Provide quality assurance reviews of cybersecurity deliverables to ensure consistency, accuracy, and relevancy.
    • Provide technical and procedural information system advice to the risk management team.
    • Perform quality reviews of security artifacts collected by ISSOs under their purview to ensure quality assessment and authorization (A&A) deliverables are provided.
    • Assume ISSO responsibilities in the absence of an ISSO.
    • Ensure a record is maintained of all vulnerabilities for existing authorization boundaries.
    • Advise ISSOs on all matters, technical and otherwise, involving the security of assigned IT systems.
    • Maintain a working knowledge of system technology, security policies, and security safeguards.
    • Ensure continuous monitoring of authorization boundaries and implemented security controls is followed.
    • Provide guidance to ISSOs on mitigation actions for security control deficiencies and scan vulnerabilities for assigned IT systems.
    • Provide role-based training for assigned ISSOs specific to their roles and responsibilities.
    • Brief senior management on the status of ISSOs and their assigned projects.
    • Work with senior leadership to mature risk management processes.
    • Develop and formalize risk management training for varied stakeholder groups.
    • Conduct assigned technical reviews and risk analyses and develop cybersecurity risk mitigation recommendations and strategies based on threats.
    • Research and recommend innovative, secure, and (where possible) automated solutions to improve risk management processes and activities.
    • Participate in the technical security evaluation and assessment of new technologies.
    • Provide audit support to cybersecurity for audit activities and recommendations.
    Qualifications:
    • 8+ years of demonstrated work experience in cybersecurity risk management.
    • Bachelor's degree in computer science, information technology, cybersecurity, or a related technical discipline required.
    • Current certification in one or more of the following IT security disciplines required: Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or an equivalent certification.
    • Demonstrated experience managing system security assessments and reviewing system security documentation to achieve successful security authorization of those systems.
    • Strong knowledge and expertise with NIST publications.
    • Demonstrated experience providing quality A&A deliverables.
    • Proven technical acumen and understanding of common operating systems and network technologies, risk management frameworks, and common security tools and scanners.
    • Demonstrated understanding of cloud service models, hybrid applications, and mobile security technologies and tools.
    • Understanding of management, operational, and technical cybersecurity principles.
    • Excellent written and oral communication skills.
    • Must possess an active Secret Clearance.
    Preferred Qualifications:
    • Experience with privacy principles and frameworks is preferred.