Information Systems Security Manager (ISSM)

Hybrid | Washington D.C. | 2-3 days a week Onsite

Active Top Secret Clearance Required - With the Ability to Obtain a SCI

Summary

Our client is an employee and Service-Disabled, Veteran-owned Small Business focused on providing niche technical services. They are a team of experienced cybersecurity professionals with a track record of success in the Federal, Commercial, and Academic workspaces. Additionally, our client designs, builds, operates, and secures scalable cloud and IT infrastructures to meet their customers’ near-term needs and fulfill their long-term requirements.

Responsibilities

Our client is looking for multiple Information Systems Security Managers to join their growing team!

• Consult for the client leading the discovery of their cyber risks, understanding policies, and developing a mitigation plan

• Oversee the analysis of technical, environmental, and personnel details from subject matter experts and engineers as your team reviews the entire threat landscape

• Guide your client through a plan of action with presentations, whitepapers, and milestones

• Translate security concepts so they can make the best decisions to secure their mission critical systems

This is your opportunity to take a leadership role in information security while sharing your skills in cloud technologies with both your clients and your team.

Requirements

• 5+ years of experience of RMF/cybersecurity risk management experience
• 1+ years of experience in a lead/leadership position
• 10+ years of overall IT experience
• Experience with authorizations for an Azure environment
• Experience working with tools Nipper for network security auditing and assessing the security of network devices and configurations
• Experience with the implementation, oversight, and maintenance of the security configuration, practices, and procedures for systems, including systems hosted in cloud environments
• Experience implementing controls from NIST 800-53, FedRAMP, ICD 503, RMF (XACTA), and DoD Information Levels, including applying them to the design and implementation of information technology solutions to achieve an authorization to operate
• Experience assessing configuration changes such as new COTS tools or web application upgrades to system security boundary
• Experience with vulnerability scanning tools such as ACAS or Nessus, container-based variants such as Anchore, and code-based variants such as SonarQube

Education/Certification Requirements

• A Bachelor's degree in CS, Cybersecurity, IT, Software Engineering, Information Systems, Computer Engineering, or a related Mathematics or Engineering field

AND/OR

• A CISSP-ISSMP or GSLC certification

Clearance Requirements

• Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; an active Top Secret clearance is required with the ability to obtain a SCI within a year