
Information System Security Manager, Principal

Torch Technologies Inc.

Posted today
Top Secret
IT - Security
Hill AFB, UT (On-Site/Office)

Torch Technologies

Thank you for your interest in employment with Torch Technologies. We are a 100% employee-owned, Certified Great Place To Work and named Best Places to Work in Huntsville/Madison County, headquartered in Huntsville, AL with over 1200 employee-owners. Our team provides superior research, development, and engineering services to the Federal Government and Department of Defense. As one of the nation's top 100 defense companies, the services we provide directly support the men and women who serve our country. Our corporate mission sums up the pride our employee-owners take in the work we do: "Lighting the Pathway of Freedom". And, as a Certified Evergreen ESOP, we have made the commitment to grow and sustain our company for the next 100 years! Come grow with us!

Torch Technologies is seeking an Information System Security Manager, Principal to join the team at Hill AFB, UT. Torch Technologies is a 100% employee-owned business dedicated to providing superior research, development, and engineering services to the Department of Defense. As defense contractors, the services we provide directly support the warfighter.

As an Information System Security Manager, Principal, your duties will include, but are not limited to, the following:
  • Serve as the primary cybersecurity technical advisor to the Authorizing Official (AO), Program Manager (PM) and Information System Owner (ISO).
  • Maintain the overall security posture of the IT systems, Conventional, PIT or otherwise within the respective organization, and be accountable for the implementation of DoDI 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), (29 Dec 2020).
  • Perform the provisions and duties outlined in AFI 17-130, Cybersecurity Program Management, (13 Feb 2020) para 2.10.
  • Perform ISSM responsibilities as outlined in AFMAN 17-1303, Air Force Cybersecurity Workforce Improvement Program, (12 May 2020) para 2.16 (Attachment 2), as well as AFI 17-101 (6 Feb 2020).
  • Ensure IT professionals within the organization meet requirements outlined in AFMAN 17-1303.
  • Develop the organization's cybersecurity program for individual systems and IT programs overall to include cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.
  • Control the continuous monitoring of systems within their purview to ensure compliance with cybersecurity policies.
  • Perform the ISSM duties as outlined in DoDI 8510.01, DoDI 8500.01, AFI 17-101, AFI 17-130, and AFMAN 17-1303 for assigned systems/applications.
  • Support implementation of the RMF.
  • Assist in the development and maintenance of a formal ISs security program and policies for their assigned area of responsibility.
  • Assist in supporting the system/application A&A effort, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing DoD and Air Force policies (i.e., RMF).
  • Ensure proper measures are taken when an IS incident or vulnerability is discovered IAW the respective system's authorized security program and policies.
  • Maintain and report IS and PIT system assessment and authorization status and issues IAW DoD and USAF guidance.
  • Provide direction to the ISSO IAW DoDI 8500.01, AFMAN 17-1303, as well as AFI 17-101 (6 Feb 2020).
  • Ensure that ISSOs are appointed in writing and provide oversight to certify they are following established cybersecurity policies and procedures.
  • Coordinate with the organization's security manager to ensure issues affecting the organization's overall security are addressed appropriately.
  • Ensure that ISOs and stewards associated with DoD information received, processed, stored, displayed, or transmitted on each DoD IS and PIT system are identified to establish accountability, access approvals, and special handling requirements.
  • Maintain a repository for all organizational or system-level cybersecurity-related documentation.
  • Monitor compliance with cybersecurity policy, as appropriate, and review the results of such monitoring.


  • Ensure that cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations.
  • Ensure implementation of IS security measures and procedures including reporting incidents to the AO and appropriate reporting chains and coordinating system-level responses to unauthorized disclosures in accordance with DoD Manual 5200.01, Volume 3 for classified information or DoD Manual 5200.01, Volume 4 for Controlled Unclassified Information (CUI), respectively.
  • Ensure handling of possible or actual data spills of classified information resident in ISs is conducted in accordance with DoD 5200.01, Volume 3.
  • Act as the primary cybersecurity technical advisor to the AO for DoD IS and PIT systems under their purview or as assigned by USG.
  • Ensure that cybersecurity-related events or configuration changes that may impact DoD IS and PIT systems authorization or security posture are formally reported to the AO and other affected parties, such as IOs, stewards, and AOs of interconnected DoD ISs.
  • Ensure the secure configuration and approval of IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or connection to a DoD IS or PIT system.
  • Obtain an ITIPS and eMASS account and ensure that ISSOs author, monitor, and record system information in applicable databases.
  • Prepare and record system, security status, and portfolio management information into the Enterprise Mission Assurance Support Service (eMASS) for Federal Information Security Management Act (FISMA); ITIPS for general system information as required; Clinger-Cohen Act; and other statutory compliance, etc.
  • Author, review, certify, and/or maintain information awareness (IA) and security management plans to include RMF Implementation Plans, System Security Management Plans, Information Support Plans, Program Protection Plans (PPPs), Security Risk Analyses, Security Vulnerability and Countermeasure Analyses, Security Concepts of Operations, Operational Security (OPSEC) Plans, and other system/network security related documents.


Required Qualifications:
  • U.S. Citizenship
  • 15 years plus IAM Level III
  • OR Bachelor's degree with individual research development plus 7 years plus IAM Level III
  • OR Master's degree with individual research development plus 5 years plus IAM Level III
  • Ability to obtain and maintain a DoD Top Secret Clearance.
  • In addition to the requirements in 3.10, the Cybersecurity ISSM is the primary cybersecurity technical advisor to the Authorizing Official (AO), Program Manager (PM) and Information System Owner (ISO).
  • The ISSM is appointed by the USG ISO or Information System (IS) PM, IAW AFI 17-130 para 2.9.2.
  • ISSOs are aligned under the ISSM and are overseen by the ISSM and therefore are a separate function.
  • DoDM 8140 Information Assurance Management Level requirements:
    • IAM Level I (Baseline)
      • Suitable for entry-level positions, including ISSO.
      • Focuses on basic knowledge and skills in information assurance.
      • Requires certification such as Security+, GSEC, or equivalent.
    • IAM Level II (Mid-Level)
      • Appropriate for mid-level positions, including ISSM.
      • Emphasizes a deeper understanding of information assurance principles.
      • Requires a higher-level certification, typically one of the following: CISSP, CISM, GSLC.
    • IAM Level III (Advanced)
      • Geared towards senior and managerial roles.
      • Demands an advanced understanding of information assurance and significant experience.
      • Requires a certification such as CISSP-ISSMP, CISM, or equivalent.


Schedule: M-F; 8-5

Work Location: Onsite

Relocation Assistance Available: No

Position Contingent Upon Award of Contract: No


Benefits:

Torch Technologies is proud to offer a stable and professional work environment, a competitive salary, and an excellent, comprehensive benefit package including: ESOP participation, 401(k) match and safe-harbor contribution, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, Health Saving Accounts and Health Reimbursement Accounts, EAP, education assistance, paid time off, and holidays.

Applying to Torch Technologies:

Only those candidates invited for an interview will be contacted. Employment at Torch Technologies is contingent upon the successful completion of a comprehensive background check.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, citizenship, ancestry, marital status, protected veteran status, disability status or any other status protected by federal, state, or local law. Torch Technologies, Inc. participates in E-Verify.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access Careers Link as a result of your disability. You can request reasonable accommodations by sending an email to HR@torchtechnologies.com. Thank you for your interest in Torch Technologies.
About Us
Torch Technologies, founded in 2002 and headquartered in Huntsville, AL, is a 100% employee-owned business with a retention rate over 90%. Widely recognized for ethics, workplace culture, and performance, Torch has earned repeated honors from Inc. 5000, Great Place to Work, Fortune, BBB, Washington Technology, and Bloomberg Government, as well as multiple industry and regional awards.



Job Category
IT - Security
Clearance Level
Top Secret