Senior Information System Security Manager (ISSM)

CACI

Posted today

Job Requirements

Washington, DC
Top Secret Polygraph Unspecified
Career Level not specified
$90,300 - $189,600

Job Description

Job Title: Senior Information System Security Manager (ISSM)

Job Category: Information Technology

Time Type: Full time

Minimum Clearance Required to Start: Top Secret

Employee Type: Regular

Percentage of Travel Required: Up to 10%

Type of Travel: Local

* * *

The Opportunity:

The Senior Information System Security Manager (ISSM) shall provide leadership and oversight for designated Information System Security Officers (ISSOs) and other cybersecurity personnel to support customer systems throughout the Risk Management Framework (RMF) lifecycle. This includes directing and coordinating systems' Authority to Operate (ATO) efforts and maintaining a security posture in compliance with FISMA, DHS 4300 Series, NIST, and applicable DHS and Component directives.

This shall include providing IT security assessment and IT security audit preparatory and support functions to ensure FISMA compliance; leading the development, review, and maintenance of documentation in support of Certification & Accreditation (C&A) / security authorization as required by the Federal Information Security Management Act (FISMA); ensuring all C&A and system security documentation is kept up to date; overseeing the implementation and continuous monitoring of security controls; and ensuring systems meet all security requirements mandated by DHS and NIST RMF (e.g., NIST SP 800-37, NIST SP 800-53).

Clearance Required: Active Top Secret with SCI eligibility

Primary Location: Washington, DC

Alternate Location: Mount Weather (Bluemont, VA) - this is expected to be for specific events

Responsibilities:
  • Manage staff of 10 engineers including timecard and performance management.
  • Prepare all reports and required deliverables, attend client and staff meetings.
  • Train staff in new technologies, current tools, and FISMA, DHS 4300, NIST and FIPS requirements.
  • Oversee execution of the NIST Risk Management Framework (RMF) for assigned systems (categorize, select, implement, assess, authorize, and monitor controls), ensuring artifacts and activities for each RMF step are planned, documented, and kept current.
  • Manage FISMA boundary specific workload prioritization, and work quality reviews for ISSOs and other cybersecurity personnel.
  • Serve as the Information System Security Manager (ISSM) in accordance with DHS 4300 Series and NIST RMF, providing overall management of the information system security program for assigned systems.
  • Ensure alignment with NIST and DHS standards.
  • Coordinate with the Authorizing Official (AO), AO Designated Representative, System Owner, and Component CISO staff to communicate system risk posture, significant findings, and risk acceptance decisions.
  • Prepare and/or approve all reports and required deliverables and represent the security program in client and staff meetings.
  • Follow the Information Systems Security Manager (ISSM) / Information System Security Officer (ISSO) Guides when developing, updating, reviewing, or approving required security artifacts.
  • Participate in or chair configuration/change control boards (CCBs) for assigned systems, ensuring security impact analysis is performed and documented for proposed changes prior to implementation.
  • Ensure proper access controls are implemented and periodically reviewed for both system access and physical access to data processing facilities, consistent with NIST and DHS 4300 requirements.
  • Oversee the creation, update, review, and readiness of system Authority to Operate (ATO) packages, and coordinate with the Authorizing Official (AO) and other stakeholders as required.
  • Provide information security expertise and risk guidance to system development and operations teams throughout the System Engineering Lifecycle process, including participation in change control processes.
  • Ensure Plan of Action & Milestone (POA&M) reports are maintained, that security vulnerabilities are tracked and reported, and that remediation activities are planned, prioritized, and validated to support closure.
  • Track and recommend technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access, and ensure alignment with DHS and NIST guidance.
  • Oversee network device and information security incident, damage, and threat assessment programs, ensuring procedures are documented, tested, and consistently applied.
  • Direct and coordinate investigations of network device and information security incidents to determine extent of compromise to national security information and automated information systems and ensure timely reporting to appropriate authorities.
  • Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and network and device security and encryption, and guide staff in their adoption where appropriate.
  • Design, develop, or recommend integrated system solutions ensuring proprietary/confidential data and systems are protected in accordance with mandated standards.
  • Oversee the configuration and validation of secure systems; review testing of security products/systems to detect computer and information security weaknesses; and ensure that identified risks are documented and addressed.
  • Review, approve, and maintain in the system of record security architecture documentation; provide critical written and verbal analyses of security architecture documentation and vulnerability and risk assessments.
  • Oversee the design and implementation of plans of action and milestones to remediate findings from vulnerability and risk assessments and track progress through closure.
  • Provide information assurance for digital information, ensuring its confidentiality, integrity, and availability across assigned systems and environments.
  • Lead and oversee authorization to operate IT systems at acceptable levels of risk; manage continuous monitoring activities; oversee vulnerability assessments and monitoring for indicia of compromise; coordinate incident response and remediation; and contribute to the development and maintenance of security policies, user security awareness and training materials, and compliance with applicable government and external standards.
  • Ensure the timely recruitment and training of staff
  • Conduct performance evaluations of staff
  • Supervise, motivate, develop and direct staff in successful execution of assigned task areas


Qualifications:

Required:
  • Current active Top Secret clearance with SCI eligibility
  • FEMA EOD suitability or Current DHS or FEMA EOD preferred
  • BS/BA + 15 years of applicable experience (or equivalent)
  • Experience managing a team of 10+ individuals
  • Must have one of the following Information Assurance Management (IAT) Level III qualifications:
    • Certified Information System Security Professional (CISSP)
    • Certified Information Security Manager (CISM)
  • At least five years of experience working with FISMA
  • Demonstrated expertise in SELC, Information Security processes, audits, tools, implementation, FISMA, NIST, IT security
  • Knowledge of information security best practices, Enterprise Architecture, DHS experience
  • Experience with CSAM, Regscale, or similar tools.


Desired:
  • Previous DHS or DoD experience


What You Can Expect:

A culture of integrity.

At CACI, we place character and innovation at the center of everything we do. As a valued team member, you'll be part of a high-performing group dedicated to our customers' missions and driven by a higher purpose - to ensure the safety of our nation.

An environment of trust.

CACI values the unique contributions that every employee brings to our company and our customers - every day. You'll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.

A focus on continuous growth.

Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground - in your career and in our legacy.

Pay Range:

There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.

Since this position can be worked in more than one location, the range shown is the national average for the position.

The proposed salary range for this position is:
$90,300-$189,600

CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.

CACI Careers – Your potential is limitless. So is ours.

About Us
Advance the future of national security while working at the intersection of technology, government, and defense. For more than six decades, CACI has been pioneering ground-breaking solutions and helping our customers harness emerging technologies. CACI offers boundless career opportunities for employees to support their country, grow their skills, and expand their horizons.

CACI Jobs


Job Category
IT - Security
Clearance Level
Top Secret
Employer
CACI