Jun 12
Top Secret/SCI
Senior Level Career (10+ yrs experience)
$125,000 - $150,000
Occasional travel
IT - Security
Lackland AFB, TX (On-Site/Office)
The successful candidate is expected to accomplish the following outcomes during the first year in the position:
Formally track all tasks, to include assigned by, suspense, status, and comments on all assigned tasks through completion and be prepared to brief upon request.
Develop digital continuity folders and files that include standard operating procedures, workflows and POC lists to accomplish all tasks.
Create 2-3 products beyond the client’s requirements that positively impact the client to either increase efficiency, effectiveness, or innovation.
Master position tasks within 60 days and exceed requirements within 90 days.
Responsibilities:
The Senior Information Systems Security Manager shall provide Senior onsite ISSM support for the JBSA Department of the Air Force Counter Insider Threat (DAF C IN T) programs, systems and related interfaces. The Senior ISSM is responsible for ensuring the security and integrity of the organization's information systems, specifically in accordance with Department of Defense (DoD) and department of the Air Force cybersecurity requirements. This role involves developing, implementing, and managing security policies, procedures, and controls to protect classified and sensitive data from cyber threats. Additionally, the ISSM will provide efficient and effective management and operation of the organization, activities, or systems specifically related to cybersecurity in all phases of Risk Management Framework (RMF). Per section 1.3.9, Cybersecurity Support, specific responsibilities include but are not limited to:
Provide professional services to address system security Governance, Documentation and Risk Management.
Lead the development and enforcement of cybersecurity policies and procedures.
Manage system accreditation and compliance with RMF, NIST 800-53, DoD 8570, and FISMA.
Coordinate and oversee security control assessments and vulnerability management.
Lead incident response planning and security awareness training efforts.
Serve as the primary cybersecurity liaison between leadership, ISSOs, ISSEs, and related stakeholders.
Create and maintain executive-level briefings (1 Star or above) for CDMM engagements.
Support system authorizations
Facilitate and support the Cyber Incident Handling,
Support the System Life Cycle Management Processes (e.g. Engineering Change and Configuration Management),
Support Vulnerability Management, Malware Protection, and Security Assessments, Evaluations, Reviews, and manage continuous monitoring.
Support the Department of Defense Information Network (DODIN) Connection Approval Process
Coordinate with the Cybersecurity Service Provider (CSSP).
Pursue increased mission capability, enhancing customer experience, and improving coordination across the enterprise.
· Conduct cost/benefit analysis on proposals for Government review for any recommended efforts that require resources external to the organization.
· Document and produce cybersecurity assessments, security impact analysis, and system authorization of JBSA- DAF C In T Information Systems.
· Manage submission of documentation and organize artifacts in the appropriate repository per DAF C In T program guidance.
Provide strategic advice, technical guidance to program and project staff. detailed analysis, evaluation, and recommendations for improvements, optimization, and/or maintenance efforts for specified mission-critical challenges/issues.
Develop, implement, and maintain system categorizations, information security policies, security assessment procedures, security control traceability matrices (SCTM), in compliance with DoD risk management framework regulations and guidelines, including CNSSI 1253, DoD 8500, DoD 8510, DoD JSIG, NIST Special Publication Series, and DAF cybersecurity requirements.
Manage the implementation and operation of security tools and technologies, such as firewalls, intrusion detection systems, SIEM’s, vulnerability scanners, anti-malware, encryption solutions, and cloud service provider cybersecurity tools, services, and features.
Ensure compliance with DoD and DAF directives, including but not limited to FISMA, NIST, and DISA STIGs, DISA SRG’s.
Coordinate and manage security incident response activities, including detection, analysis, containment, eradication, and recovery.
Provide security guidance and support to system owners, developers, and administrators throughout the system development lifecycle (SDLC).
Develop and conduct security awareness training programs for staff and contractors.
Prepare and maintain security documentation, including but not limited to System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), security control plans/policies, security control assessment procedures, risk assessment reports, security assessment reports, incident response and after-action reports, vulnerability, and compliance reporting, and so on.
Stay current with emerging cybersecurity threats, technologies, and DoD security requirements to continuously improve the organization's security posture.
Support a cross-functional team of technical experts and government staff.
May serve as the Data/Cybersecurity Task Team Lead, and assist the Task Lead in management of workflow, quality, and delivery. The team would include the Data Scientist, Data Analyst, and the ISSE.
Qualifications:
The candidate must have the following qualifications:
Minimum of ten (10) years of experience in information security, with at least 3 years in a management or leadership role.
Minimum of six (6) years of specific work-related experience in support of a DOD. component, military, or Federal Government agency.
Strong leadership, policy development, and risk management experience.
Experience with the following processes: Risk Management Framework (RMF) and system authorization, Governance, Cyber Incident Handling, System Life Cycle Management Processes (e.g. Engineering Change and Configuration Management), Vulnerability Management, Malware Protection, Security Assessments, Evaluations and Reviews, Continuous Monitoring, DODIN Connection Approval Process, and Cybersecurity Service Provider (CSSP) processes.
Experience in information systems security management, or engineering.
Ability to operate in overlapping security control and overlay environments (CNSSI 1253, Executive Order 12333, PII/Privacy, HIPAA, Intelligence, etc.)
Understand the Interface with NIPRNET, SIPRNET, JWICS, Defense Messaging System, and other networks (to include SAP networks).
Knowledge of NIST 800-53 and Knowledgeable on DoD established Directive 8140.
Required Certifications:
Personnel shall be IAT Level II certified in accordance with DoD 8570.01-M.
· IAM Level III certification (i.e. CAP, CASP+CE, CISM, CISSP, GSLC, or CCISO)
The following qualifications are desired:
Experience as a staff officer (e.g. DoD staff, Service Staff, CCMD staff, Joint Staff, or equivalent (preferred).
Travel: Some local travel and TDY travel may be required, less than 10%.
Other Requirements:
We seek:
Highly motivated self-starters
Resourceful individuals with extraordinary intellectual capability and the ability to rapidly learn and apply new concepts.
Individuals who have a “let me try” attitude and are resilient, present an opinion/position, justify it, and then accept whatever decision is made and charge forward.
Individuals who view criticism as an opportunity to improve (“let me try again”)
Individuals who think and create, enhancing the company with a steady flow of fresh ideas, perspective, and energy.
Formally track all tasks, to include assigned by, suspense, status, and comments on all assigned tasks through completion and be prepared to brief upon request.
Develop digital continuity folders and files that include standard operating procedures, workflows and POC lists to accomplish all tasks.
Create 2-3 products beyond the client’s requirements that positively impact the client to either increase efficiency, effectiveness, or innovation.
Master position tasks within 60 days and exceed requirements within 90 days.
Responsibilities:
The Senior Information Systems Security Manager shall provide Senior onsite ISSM support for the JBSA Department of the Air Force Counter Insider Threat (DAF C IN T) programs, systems and related interfaces. The Senior ISSM is responsible for ensuring the security and integrity of the organization's information systems, specifically in accordance with Department of Defense (DoD) and department of the Air Force cybersecurity requirements. This role involves developing, implementing, and managing security policies, procedures, and controls to protect classified and sensitive data from cyber threats. Additionally, the ISSM will provide efficient and effective management and operation of the organization, activities, or systems specifically related to cybersecurity in all phases of Risk Management Framework (RMF). Per section 1.3.9, Cybersecurity Support, specific responsibilities include but are not limited to:
Provide professional services to address system security Governance, Documentation and Risk Management.
Lead the development and enforcement of cybersecurity policies and procedures.
Manage system accreditation and compliance with RMF, NIST 800-53, DoD 8570, and FISMA.
Coordinate and oversee security control assessments and vulnerability management.
Lead incident response planning and security awareness training efforts.
Serve as the primary cybersecurity liaison between leadership, ISSOs, ISSEs, and related stakeholders.
Create and maintain executive-level briefings (1 Star or above) for CDMM engagements.
Support system authorizations
Facilitate and support the Cyber Incident Handling,
Support the System Life Cycle Management Processes (e.g. Engineering Change and Configuration Management),
Support Vulnerability Management, Malware Protection, and Security Assessments, Evaluations, Reviews, and manage continuous monitoring.
Support the Department of Defense Information Network (DODIN) Connection Approval Process
Coordinate with the Cybersecurity Service Provider (CSSP).
Pursue increased mission capability, enhancing customer experience, and improving coordination across the enterprise.
· Conduct cost/benefit analysis on proposals for Government review for any recommended efforts that require resources external to the organization.
· Document and produce cybersecurity assessments, security impact analysis, and system authorization of JBSA- DAF C In T Information Systems.
· Manage submission of documentation and organize artifacts in the appropriate repository per DAF C In T program guidance.
Provide strategic advice, technical guidance to program and project staff. detailed analysis, evaluation, and recommendations for improvements, optimization, and/or maintenance efforts for specified mission-critical challenges/issues.
Develop, implement, and maintain system categorizations, information security policies, security assessment procedures, security control traceability matrices (SCTM), in compliance with DoD risk management framework regulations and guidelines, including CNSSI 1253, DoD 8500, DoD 8510, DoD JSIG, NIST Special Publication Series, and DAF cybersecurity requirements.
Manage the implementation and operation of security tools and technologies, such as firewalls, intrusion detection systems, SIEM’s, vulnerability scanners, anti-malware, encryption solutions, and cloud service provider cybersecurity tools, services, and features.
Ensure compliance with DoD and DAF directives, including but not limited to FISMA, NIST, and DISA STIGs, DISA SRG’s.
Coordinate and manage security incident response activities, including detection, analysis, containment, eradication, and recovery.
Provide security guidance and support to system owners, developers, and administrators throughout the system development lifecycle (SDLC).
Develop and conduct security awareness training programs for staff and contractors.
Prepare and maintain security documentation, including but not limited to System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), security control plans/policies, security control assessment procedures, risk assessment reports, security assessment reports, incident response and after-action reports, vulnerability, and compliance reporting, and so on.
Stay current with emerging cybersecurity threats, technologies, and DoD security requirements to continuously improve the organization's security posture.
Support a cross-functional team of technical experts and government staff.
May serve as the Data/Cybersecurity Task Team Lead, and assist the Task Lead in management of workflow, quality, and delivery. The team would include the Data Scientist, Data Analyst, and the ISSE.
Qualifications:
The candidate must have the following qualifications:
Minimum of ten (10) years of experience in information security, with at least 3 years in a management or leadership role.
Minimum of six (6) years of specific work-related experience in support of a DOD. component, military, or Federal Government agency.
Strong leadership, policy development, and risk management experience.
Experience with the following processes: Risk Management Framework (RMF) and system authorization, Governance, Cyber Incident Handling, System Life Cycle Management Processes (e.g. Engineering Change and Configuration Management), Vulnerability Management, Malware Protection, Security Assessments, Evaluations and Reviews, Continuous Monitoring, DODIN Connection Approval Process, and Cybersecurity Service Provider (CSSP) processes.
Experience in information systems security management, or engineering.
Ability to operate in overlapping security control and overlay environments (CNSSI 1253, Executive Order 12333, PII/Privacy, HIPAA, Intelligence, etc.)
Understand the Interface with NIPRNET, SIPRNET, JWICS, Defense Messaging System, and other networks (to include SAP networks).
Knowledge of NIST 800-53 and Knowledgeable on DoD established Directive 8140.
Required Certifications:
Personnel shall be IAT Level II certified in accordance with DoD 8570.01-M.
· IAM Level III certification (i.e. CAP, CASP+CE, CISM, CISSP, GSLC, or CCISO)
The following qualifications are desired:
Experience as a staff officer (e.g. DoD staff, Service Staff, CCMD staff, Joint Staff, or equivalent (preferred).
Travel: Some local travel and TDY travel may be required, less than 10%.
Other Requirements:
We seek:
Highly motivated self-starters
Resourceful individuals with extraordinary intellectual capability and the ability to rapidly learn and apply new concepts.
Individuals who have a “let me try” attitude and are resilient, present an opinion/position, justify it, and then accept whatever decision is made and charge forward.
Individuals who view criticism as an opportunity to improve (“let me try again”)
Individuals who think and create, enhancing the company with a steady flow of fresh ideas, perspective, and energy.
group id: 91099906
