Posted today
Top Secret
IT - Software
OK (On-Site/Office)
MTSI is looking for a Senior Information Systems Security Manager at Tinker AFB, OK. The candidate shall have the appropriate DoD 8570 Information Assurance Management certification level, including Security+ IAM Level 1, and CISSP Level 2 and 3 or equivalent certifications, and 3-5 years of classified information systems experience to develop and implement DoD security controls.
ROLE AND RESPONSIBILITIES
The candidate shall work independently on tasks and exercise judgment in the execution of the following tasks:
• Sustain and update the formal IS security program as needed with the Government ISSM.
• Implement and enforce IS security policies.
• Review and endorse all IS assessment and authorization support documentation packages.
• Advise, provide guidance, and assist the IT/IA team to ensure compliance with established IS policies and procedures.
• Review weekly bulletins and advisories that impact security of site information systems to include AFCERT, ACERT, NAVCIRT, IAVA, and DISA ASSIST bulletins.
• Ensure that periodic testing (monthly for PL-5 systems) is conducted to evaluate the security posture of the ISs by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs).
• Ensure that all ISSOs receive the necessary technical (e.g., operating system, networking, security management, SysAdmin) and security training (e.g., ND-225 or equivalent) to carry out their duties.
• Advise ISSOs concerning the levels of concern for confidentiality, integrity, and availability of the data, and the protection levels for confidentiality for the system.
• Ensure the development of system assessment and authorization documentation by reviewing and endorsing such documentation and recommending action to the DAO/SCA.
• Ensure approved procedures are in place for clearing, purging, declassifying, and releasing system memory, media, and output.
• Maintain, as required by the DAO/SCA, a repository for all system assessment and authorization documentation and modifications.
• Coordinate IS security inspections, tests, and reviews.
• Investigate and report (to the DAO/SCA and local management) security violations and incidents, as appropriate.
• Ensure proper protection and corrective measures have been taken when an IS incident or vulnerability has been discovered.
• Ensure data ownership and responsibilities are established for each IS, to include accountability, access and special handling requirements.
• Ensure development and implementation of an effective IS security education, training, and awareness program.
• Ensure development and implementation of procedures in accordance with configuration management (CM) policies and practices for authorizing the use of hardware/software on an IS. Any changes or modifications to hardware, software, or firmware of a system must be coordinated with the ISSM/ISSO and appropriate approving authority prior to the change.
• Develop procedures for responding to security incidents, and for investigating and reporting (to the DAO/SCA and to local management) security violations and incidents, as appropriate.
• Serve as a member of the configuration management board, where one exists (however, the ISSM may elect to delegate this responsibility to the ISSO).
• Have a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Access only that data, control information, software, hardware, and firmware for which they are authorized access and have a need-to-know and assume only those roles and privileges for which they are authorized.
EXPERIENCE, SECURITY AND EDUCATION REQUIREMENTS
• Shall have senior level experience (minimum 10 years) demonstrating and practicing their knowledge, skills, and abilities directly related to information security.
• Must have 12 months or more experience in a SAP environment within the last five years.
• Must possess an active Top Secret security clearance, current within five years, and be eligible for Sensitive Compartmented Information (SCI) and Special Access Programs (SAP) access.
• Candidate will be required to fill out a Pre-Screening Questionnaire prior to hiring consideration.
• Have at least a Master of Science degree in Information Security.