Apply on Employer Site

Empower AI · 6 hours ago

Information System Security Manager (AROWS)

Andrews AFB, MD

Full-time

Onsite

Mid, Senior Level

4+ years exp

Empower AI is a company focused on providing AI solutions for government agencies, with a commitment to transforming the workforce. They are seeking an Information Systems Security Manager to support the Air National Guard Reserve Order Writing System, responsible for ensuring compliance with security frameworks and implementing security programs.

Information ServicesInformation TechnologySoftware

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Conduct information system security inspections, tests, and reviews of the Risk Management Framework (RMF) Information Assurance Package to ensure AROWS maintains an Authority to Operate (ATO). Update artifacts and information within the Enterprise Mission Assurance Support Service (eMASS) to validate Security Controls and Assessments. Develop Plan of Actions and Milestones (POAMs) for non-compliant items

Implement and enforce a formal information system security program, including development and review of security concept of operations, systems security plans, cyber security policies, security control assessments, contingency plans, configuration management plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability scanning, and/or vulnerability management plans

Demonstrate hands-on knowledge and experience with Information Assurance/Cyber Engineering requirements, design and implementation to include systems engineering principles, requirements analysis, system development (software and hardware), network security architecture concepts (e.g., topology, protocols, components, etc.), and IT security principles and methods (e.g., firewalls, demilitarized zones, encryption, etc.)

Ensures software, hardware, and firmware complies with appropriate security configuration guidelines (e.g., security technical implementation guides /security requirement guides)

Ensures cybersecurity-related events or configuration changes that impact AF IT authorization or adversely impact the security posture are formally reported to the AO and other affected parties, such as IOs and stewards and AOs of interconnected IT

Implement Security Information and Event Management Processes, including log aggregation, log analytics, visualization, alerting, and log retention

Qualification

IAM Level II certificationRisk Management Framework (RMF)NIST publications knowledgeInformation Assurance experienceSecurity InformationEvent ManagementWriting skillsVerbal communication skillsTime-management skills

Required

Bachelor's Degree in Information Systems, Information Assurance Management, Computer Science, or related field. (May be substituted for relevant work experience)

4 - 9 years experience

IAM Level II DoD approved cybersecurity baseline certification, or higher (CAP, CASP, CISA, CISM, CISSP (or Associate), GSLC))

Demonstrated on-the-job knowledge and experience of the Risk Management Framework (RMF) process and the National Institute of Standards and Technology (NIST) publications (specifically NIST 800-53 and NIST 800-37), including development and maintenance of associated certification and accreditation documentation

Must possess active Secret Security Clearance