Information System Security Manager (ISSM) - The Brixton Group, Inc.
Arlington, VA 22201
About the Job
Responsibilities:
- Develop, implement, and maintain a comprehensive information security program that includes policies, procedures, and guidelines to protect the organization’s information assets.
- Regularly review and update the information security program to ensure it remains effective and aligned with industry best practices and regulatory requirements.
- Ensure that the organization’s information systems comply with all applicable security regulations and standards, including NIST, FISMA, and the Joint Special Access Program Implementation Guide (JSIG).
- Conduct regular audits and assessments to verify compliance and address any identified gaps.
- Lead the implementation and maintenance of security controls, such as access controls, data encryption, and vulnerability management.
- Collaborate with IT and other departments to integrate security controls into existing and new systems.
- Manage the organization’s security incident response process, including the investigation of security incidents and coordination with internal and external stakeholders to resolve incidents.
- Develop and maintain an incident response plan, conduct regular drills, and ensure all relevant personnel are trained on incident response procedures.
- Provide guidance and support to technical teams in the development and implementation of security solutions and technologies.
- Stay current with emerging security trends, threats, and technologies to provide informed recommendations.
- Conduct security risk assessments to identify potential threats and vulnerabilities.
- Develop and implement risk mitigation strategies to address identified risks, including the creation of risk management plans and the prioritization of security initiatives.
- Generate and maintain documentation required for Risk Management Framework (RMF) processes, including Standard Operating Procedures (SOPs), security plans, risk assessments, and Plans of Action and Milestones (POA&M).
Requirements:
- Candidates must have an active TS/SCI clearance with the ability to obtain CI Poly.
- IAM level III certification (GSLC, CISM, CISSP, CCISO), or ability to obtain certification within six months of hiring.
- Bachelor’s degree in a relevant field (e.g., Computer Science, Information Systems Management, Engineering) is required for this position. 4 years of relevant work experience may be considered in lieu of the degree requirement.
- 8 years of experience in cybersecurity or a related field, with prior experience in a leadership role
- 2+ years of cybersecurity experience in the Department of Defense (DoD) or Intelligence community.
- Strong knowledge of cybersecurity principles, tools, and techniques.
- Security+ or equivalent (DoD 8570) if currently no IAM Level III certifications above
Preferred Qualifications:
- Experience with federal information systems, Special Access Programs (SAPs) or Intelligence Community (IC).
- Knowledge and/or understanding of Joint Special Access Program Implementation Guide (JSIG)
Source : The Brixton Group, Inc.