Information System Security Manager jobs in United States

Laveer Engineering · 1 month ago

Information System Security Manager

Westinghouse is a leading company in the nuclear energy industry, dedicated to providing clean energy solutions. The Information System Security Manager will oversee the cybersecurity of protected information systems, ensuring compliance and security for classified information, while collaborating with various departments to maintain the integrity of the systems.

Industrial Engineering, Mechanical Engineering, Service Industry
No H1B; U.S. Citizen Only

Responsibilities

Be the designated Information Systems Security Manager (ISSM) responsible for overseeing the security, accreditation, and compliance of all WGS protected information systems processing Classified or Controlled Unclassified Information (CUI)
Establish and improve WGS's Information System Security Program, ensuring agreement on federal cybersecurity standards, corporate policies, and contractual requirements
Be the Responsible System Owner (RSO) for protected systems and maintain accountability for their security posture throughout their lifecycle
Develop, document, and maintain Risk Management Framework (RMF) and Assessment & Authorization (A&A) documentation
Certify in writing to the Cognizant Security Agency (CSA) that we implement the System Security Plan (SSP). Additionally, certify that required controls are in place and tested, and that systems continue to operate as authorized
Ensure compliance with all applicable cybersecurity requirements
Conduct or oversee self-inspections and audits on WGS protected systems at least annually; document, track, and resolve corrective actions
Collaborate with the IT Department, External Service Provider (ESP), and Managed Service Provider (MSP) to provide cybersecurity governance and guidance. This ensures that technical operations align with approved configurations, security baselines, and accreditation requirements
Review and assess configuration changes and vulnerabilities with input from IT and network providers to determine security impact and obtain required approvals (FSO, IT, ESP) prior to implementation
Maintain the Security Controls Traceability Matrix (SCTM) to document implementation of applicable NIST 800-53 and 800-171 controls
Integrate Insider Threat awareness and reporting requirements into the WGS information system security program with the Insider Threat Senior Program Official
Ensure that we provide all authorized users with security training and briefings prior to system access and that we maintain and validate user access lists regularly
Maintain daily awareness and monitoring of information systems through security event log reviews, vulnerability analysis, and audit trail inspections
Collaborate with the Corporate Facility Security Officer (FSO), Program Management, IT department and ESP to address incidents, reportable events, and non-compliance findings, ensuring reporting to appropriate authorities
Investigate and report security violations and incidents, coordinating with corporate security and government customers
Maintain working relationships with Program Management, corporate partners, government customers, and subcontractors to ensure security governance and communication
Respond to emergency situations and alarms to support operational continuity and security response
Maintain IAM Level III certification (CISM, CISSP or Associate, GSLC, or CCISO) under DoD 8570 baseline requirements
Respond to emergency situations and alarms
Perform other duties as assigned, in alignment with role qualifications, security needs, and operational requirements

Qualification

Information Systems Security Manager, Risk Management Framework (RMF), CISM, CISSP, GSLC, CCISO, Vulnerability scans, Compliance with cybersecurity requirements, Incident response, Security training, Collaboration skills

Required

Bachelor's degree in a related field, or four years of equivalent experience in addition to the experience outlined below
Five or more years of experience are required. This experience may be a combination of industry and U.S. military experience. It should include experience as an ISSM implementing various standards, such as 32 CFR 117, JAFAN 6/3, DCID 6/3, ICD 503, and/or JSIG IS requirements
Familiarity with vulnerability scans, ODAA Baseline Standard Requirements, and the Risk Management Framework (RMF)
U.S. Citizenship and the ability to maintain national security eligibility required

Preferred

One of the following certifications: CISM, CISSP (or Associate), GSLC, or CCISO (DoD 8570) preferred

Benefits

Comprehensive Medical benefits which could include medical, dental, vision, prescription coverage and Health Savings Account (HSA) with employer contributions options
Wellness Programs designed to support employees in maintaining their health and well-being including Employee Assistance Program providing support for our employees and their household members
401(k) with Company Match Contributions to support employees' retirement
Paid Vacations and Company Holidays
Opportunities for Flexible Work Arrangements to promote work-life balance
Educational Reimbursement and Comprehensive Career Programs to help employees grow in their careers
Global Recognition and Service Programs to celebrate employee accomplishments and service
Employee Referral Program

Company

Laveer Engineering

Laveer Engineering provides custom and off the shelf equipment solutions to industry.

Funding

Current Stage
Early Stage
Total Funding
unknown
2021-06-01: Acquired
Company data provided by crunchbase