System Security Manager, ISSO

Location: Boston, MA, United States
Date Posted: 08-05-2017
Security Services
The Security Services Department's overall mission is to ensure a safe and secure environment and protect staff members perform their mission of research and development. To accomplish this mission, this department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage; and safeguards personnel, classified and unclassified information systems, personal identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies.
The Division Information System Security Manager (ISSM) - ITS Level III will perform as an ISSM and will provide information security support to several independent Laboratory research groups. The ISSM will develop and maintain a formal information systems (IS) security program with associated policies protecting classified and unclassified computer systems in a heterogeneous computer environment which could consist of any variation of Linux, Unix, Sun, Mac, or Windows systems.  Will manage daily operations of assigned Information Systems Security Officers (ISSO).  Will develop and maintain multiple System Security Plans (SSP); ensuring systems are operated, maintained, and disposed of according to the approved SSP.  Will conduct security compliance audits, IS audits, and perform security vulnerability assessments on Laboratory IS.  Will coordinate IS security inspections, tests, and reviews.  Will establish and maintain configuration management policies and procedures.  Will ensure users and ISSOs are subject to an effective IS security education, training, and awareness program.  Will facilitate and oversee the accreditation of new systems, provide support for the re-accreditation of existing systems, and coordinate the proper de-certification and sanitization of classified systems and media.  Will have an in-depth knowledge of computer security principles and policies to include the National Industrial Security Operations Manual (NISPOM) and the Defense Security Service (DSS) Assessment and Authorization Manual (DAAPM).  Will be able to implement and test IT security policies/procedures as part of a fully integrated IT security program.  Will coordinate and participate in the investigation and mitigation of information system adverse events.  Will assume ISSO responsibilities in the absence of the ISSO.  Must be able to respond to off-hour emergencies as needed.  Must have demonstrated ability to follow-up and solve problems.  Position requires some local and overnight travel.

Requirements:
Bachelor's degree in Computer Science, Information Technology, Computer Information Systems, or relevant work experience or related field desired. A minimum of 5 years of IT security experience in DoD Industrial Security is strongly desired, preferably in a compartmented program environment. Technical experience and skills, course work completed toward a degree, and industry IT certifications may be considered substitutes for education and DoD security experience. Familiarity with Risk Management Framework (RMF), NISPOM Chapter 8, DAAPM, NIST SP 800-53r4 and other associated NIST publications is desired. Technical experience and skills in securing multiple operating systems such as Windows Server and clients, Linux, Solaris, and virtualization technologies. Ability to achieve DoD 8570 IAM Level II Baseline Certification within 6 months of appointment; preferably candidate possesses ISC2 CISSP. Demonstrated capabilities in presenting ideas written and orally within a cross-functional environment required. Prior experience working in a collaborative team environment desired. Prior experience working with SIPRNet or other classified government networks is desired. The successful candidate will be subject to pre-employment investigation and must meet all eligibility requirements for access to classified information. The ability to obtain and maintain a government (DoD) security clearance is required
 

 
or
this job portal is powered by CATS