Information Systems Security Manager - Washington, United States - Lawelawe Management Group LLC
Description
The Information Systems Security Manager (ISSM) will be responsible for leading a team to execute risk management efforts against the CAO's inventory of on-premises, vendor, and cloud-based systems.
Key Responsibilities:
- Manage Information System Security Officers (ISSOs) to support information technology (IT) security goals and objectives and reduce overall organizational risk.
- Assist in the execution and management of the Risk Management Framework (RMF) and advise ISSOs on proper application of cybersecurity policies and requirements.
- Assist senior management in the development and interpretation of information assurance guidelines, policies, regulations, etc.
- Advise senior management (e.g., the Chief Information Security Officer [CISO]) on risk levels and security posture.
- Advise appropriate senior leadership or the Authorizing Official of changes affecting the organization's cybersecurity posture.
- Conduct independent or coordinated studies to identify, evaluate, or recommend solutions to significant systems management problems that are likely to be complex and sensitive in nature.
- Ensure that security improvement actions are evaluated, validated, and implemented as required.
- Identify alternative information security strategies to address organizational security objectives.
- Interpret patterns of noncompliance to determine their impact on levels of risk and/or the overall effectiveness of the enterprise's cybersecurity program.
- Participate in information security risk assessments during the Security Assessment and Authorization process.
- Ensure that plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Provide quality assurance reviews of cybersecurity deliverables to ensure consistency, accuracy, and relevancy.
- Provide technical and procedural information system advice to the risk management team.
- Perform quality reviews of security artifacts collected by ISSOs under their purview to ensure quality assessment and authorization (A&A) deliverables are provided.
- Assume ISSO responsibilities in the absence of the ISSO.
- Ensure a record is maintained of all vulnerabilities for existing authorization boundaries.
- Advise ISSOs on all matters, technical and otherwise, involving the security of assigned IT systems.
- Maintain a working knowledge of system technology, security policies, and security safeguards.
- Ensure continuous monitoring of authorization boundaries and implemented security controls is followed.
- Provide guidance to ISSOs on mitigation actions for security control deficiencies and scan vulnerabilities for assigned IT systems.
- Provide role-based training for assigned ISSOs specific to their roles and responsibilities.
- Brief senior management on the status of ISSOs and their assigned projects.
- Work with senior leadership to mature risk management processes.
- Develop and formalize risk management training for varied stakeholder groups.
- Conduct assigned technical reviews and risk analyses and develop cybersecurity risk mitigation recommendations and strategies based on threats.
- Research and recommend innovative, secure, and (where possible) automated solutions to improve risk management processes and activities.
- Participate in the technical security evaluation and assessment of new technologies.
- Provide audit support to cybersecurity for audit activities and recommendations.
Qualifications:
- 8+ years of demonstrated work experience in cybersecurity risk management.
- Bachelor's degree in computer science, information technology, cybersecurity, or a related technical discipline required.
- Current certification in one or more of the following IT security disciplines required: Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), or an equivalent certification.
- Demonstrated experience managing systems security assessments and reviewing system security documentation for successful security authorization of such systems.
- Strong knowledge and expertise with NIST publications.
- Demonstrated experience providing quality A&A deliverables.
- Proven technical acumen and understanding of common operating systems and network technologies, risk management frameworks, and common security tools and scanners.
- Demonstrated understanding of cloud service models, hybrid applications, and mobile security technologies and tools.
- Understanding of management, operational, and technical cybersecurity principles.
- Excellent written and oral communication skills.
- Must possess an active Secret clearance.
- Experience with privacy principles and frameworks is preferred.