Information System Security Manager (ISSM) NF5 jobs in United States

USAJOBS · 20 hours ago

Information System Security Manager (ISSM) NF5

Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! The Information System Security Manager (ISSM) will provide guidance and direction in managing security for information systems, ensuring compliance with cybersecurity policies and conducting assessments to enhance security measures.

Consulting, Government, Human Resources, Information Technology, Internet, Staffing Agency
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Provide guidance and direction to Information System Security Managers at the installation and project/program level to provide system security manager services to Marine Corps installations worldwide
Serve as an advocate for all disciplines within the security program including the development and subsequent enforcement of the organization's security awareness programs, business continuity and disaster recovery plans, and all industry and governmental compliance issues
Promote IT security awareness to the user community by validating the user community is completing annual security training
Oversee and maintain regulatory requirements and complete periodic reviews for security implications and security applications
Work closely with and receive reports from Information Systems Security Managers, Information Systems Security Officers (ISSOs), and Information System Security Engineers
Perform security compliance efforts IAW the Payment Card Industry (PCI), Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology Special Publication (NIST SP) 800 series, Federal Information Processing Standards (FIPS) series, and USMC related policies and procedures
Conduct comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37)
Follow systematic processes to assess the ability of systems and networks to withstand exploitation by adversaries
Conduct assessments of threats and vulnerabilities, determine deviations from acceptable configurations and enterprise or local policies, assess the level of risk, and develop and/or recommend appropriate mitigation countermeasures in all situations
Perform technical tests, network scans, vulnerability scans, and penetration testing to evaluate the effectiveness of systems, devices, procedures, and methods used to safeguard information in computer accessible media
Execute established cybersecurity program objectives, policies, and procedures as they relate to NIST standards
Sustain the daily operations of the MR Cybersecurity program objectives to implement processes and procedures as they relate to DoD, DON, USMC, MCCS policy, standards, and guidelines
Provide security oversight for MR and subordinate commands to include coordinating MR security measures, conducting analysis, periodic testing, evaluation, verification, accreditation, and review of information system installations at appropriate classification levels
Focus on content development, communications, and training program management in support of cybersecurity awareness or relevant technical subject domains
Coordinate with all departments within the Marine Corps Community Services (MCCS) and higher Marine Corps to support cybersecurity awareness initiatives
Conduct and coordinate training of personnel within pertinent cybersecurity subject domain and develop, plan, and evaluate training courses, methods, and techniques as appropriate
May be responsible for raising security awareness and facilitating improved security
Supervise employees to include: assigning and distributing work, coaching, counseling, tutoring, and mentoring employees; approving and disapproving leave, recommending and completing personnel actions, completing performance reviews and signing timecards, training employees, keeping abreast of and actively supporting the principles of the EEO program, and prevention of sexual harassment
Must be alert to alcohol abuse and take appropriate action
Coordinate Risk Management Framework activities for MR business lines and associate information technology systems
Ensure that development, review, endorsement, and maintenance of security compliance documentation is accomplished
Facilitate PCI inspections, pen testing, and audits from MR merchant account providers
Occasional travel to complete work assignments, conduct training or attend conferences and meetings may be required
Perform other related duties as assigned

Qualification

Information System Security Manager, Cybersecurity compliance, Risk management processes, Vulnerability management, Security assessments, Incident response methodologies, Training development, Analytical skills, Team management, Communication skills

Required

Bachelor's Degree in Information Technology or Business-related field appropriate to the work of the position AND seven years of experience performing specific tasks for Information System Security Manager (ISSM), security assessments, vulnerability management, or cybersecurity (CY); OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above; OR appropriate experience that demonstrates the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above
Knowledge of risk management processes, secure configuration management techniques, Government laws and policies, cyber threats and vulnerabilities, encryption algorithms, host/network access control mechanisms, vulnerability information dissemination sources, Payment Card Industry (PCI) data security standards, Personally Identifiable Information (PII) data security standards, incident response and handling methodologies, intrusion detection methodologies and techniques for detecting host and network-based intrusions, and organization's risk tolerance and/or risk management approach
Skill in applying security controls, analyzing traffic to identify network devices, conducting application vulnerability assessments, assessing security systems designs, interpreting vulnerability scanner results to identify vulnerabilities, assessing cloud security measures and microservices, preparing Test & Evaluation reports, and running Security Content Automation Protocol (SCAP) content and Security Technical Implementation Guide (STIG)-based tools for benchmark, compliance checks, and security configuration reviews
Ability to identify systemic security issues based on the analysis of vulnerability and configuration data, apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation), conduct vulnerability scans and recognize vulnerabilities in security systems, and translate data and test results into evaluative conclusions
As an authorized and privileged user of Department of Defense Information Systems must fulfill the requirement to complete DoD Workforce Improvement Program certification (DoD 8140.01) as a condition of access within six months of employment
This position has been determined as Moderate Risk. As a condition of employment, the incumbent must be able to obtain and maintain an Access National Agency Check and Inquiries (ANACI/Tier 3) Secret Clearance to access classified information

Benefits

Stability of Federal Civilian Service
People with passion for doing work that matters
Quality of Work Life Balance
Competitive Pay
Comprehensive Benefit Packages
Marine Corps Exchange and Base Facility Privileges

Company

USAJOBS

USAJOBS enables federal job seekers to access job opportunities across hundreds of federal agencies and organizations.

Funding

Current Stage
Late Stage