Information Security Manager

Oasis Systems, Inc. Lexington, MA 02421

Posted 7 days ago


Oasis Systems, LLC has an exciting opportunity for an Information Security Manager focusing on corporate-level information and cyber security for all locations. The Information Security Manager will be responsible for assisting with the establishment of security strategy, managing cybersecurity operations, and implementing and monitoring information security standards and policies. In addition, this individual will maintain IT security appliances, software, and hardware to support the onsite and remote staff as needed. This position reports to the IT Director and will be tasked with performing the following IT and information security related tasks.

REQUIRED QUALIFICATIONS: (Education, Certifications, Experience, Skills)

  • EXPERIENCE LEVEL: 5-10 years' experience in IT with at least five years of specialized information or cyber security related work

  • EDUCATION: Bachelor's degree in Information Security or Cybersecurity

  • JOB STATUS: Full-Time and on call 24/7 as necessary

  • Extensive knowledge and understanding of federally mandated cybersecurity requirements and guidance:

      • NIST Special Publications (800-37, 800-53, 800-18, 800-171, etc.)

      • Federal Information Security Modernization Act (FISMA)

      • Federal Information Processing Standards (FIPS)

  • Strong IT skills including administrative knowledge of hardware, software, networks, and data centers

  • Ability to identify vulnerabilities and potential cybersecurity issues

  • Critical thinking skills, problem solving aptitude, and attention to detail

  • Desire to self-educate on the ever-changing landscape of cyber hacking tactics

  • Excellent customer service skills

  • Excellent judgement and decision-making skills

  • Be highly proactive and self-motivated

  • Strong analytical and problem-solving skills.

  • Strong interpersonal skills to interact with customers, senior and executive level personnel, and team members

  • Strong organization skills to prioritize work and balance complex projects.

  • Strong verbal and written communication skills

  • The ability to accept constructive feedback and implement changes immediately.

  • The ability to prioritize and perform multiple tasks in a timely manner

  • The ability to work well under pressure

  • Ability to obtain a DOD TS Clearance.

Additional Preferred Technical Skills/Industry

  • Forensic experience

  • Ethical hacking experience

  • Certifications such as CEH, CISSP, or CISM

RESPONSIBILITIES: Functionally, the candidate will be responsible for:

  • Responsible and accountable for establishing and maintaining a strategically sound company-wide information and cyber security program to ensure that IT assets and information are adequately protected, including the oversight and coordination of all cybersecurity efforts, ensuring consistency with regulatory and compliance requirements that govern cybersecurity. This includes, but is not limited to, DFARS requirements, FISMA, and NIST.

  • Responsible for developing and managing Information Systems cyber security, including disaster recovery, database protection and software implementation/development.

  • Ensures that all applications are functional and secure

  • Lead for developing and delivering Information Security standards, best practices, architecture and systems to ensure information system security across the enterprise including but not limited to: Servers, Storage, Networking, endpoints, email, SAS systems, cloud hosting, etc.

  • Lead for implementing procedures and methods for auditing and addressing non-compliance to information security standards

  • Assists with the migration of non-compliant environments to compliant environments

  • Evaluates and audits the organization to ensure compliance with standards and relevance with industry security norms and regulations applicable to Government Contractors as defined by the DFARS 252.204-7012 clause including NIST special publication 800-171

  • Implement, design, support, and monitor network security devices to protect against internal and external intrusions, attacks, and hacks

  • Identify attempted and/or successful cyber attacks, report them to upper management, and cooperate with appropriate local and federal agencies during and after any investigation.

  • Assess software and hardware for security vulnerabilities and risks.

  • Perform vulnerability scanning and penetration testing on internal systems (firewalls, servers, endpoints, etc.)

  • Mitigate vulnerabilities and harden the Enterprise as required. This includes, but is not limited to the mitigation of viruses, Trojans, malware and other security vulnerabilities.

  • Train end-users related to cybersecurity issues such as avoiding phishing attacks, social engineering, and malware.

  • Work as part of the IT Team to develop plans, strategies, policies and procedures.

  • Work as part of the IT Help Desk Team for cybersecurity issues and resolutions.

  • Functions as the primary point of contact for information security and Cybersecurity issues.

  • Assists with building and maintaining a heightened awareness of IT and cybersecurity within the organization

  • Assisting with other duties & projects as assigned.

Oasis Systems is a premier provider of customer-driven, cost-effective and quality Engineering Services; Enterprise Systems and Applications; Human Factors Engineering; Information Technology and Cyber Security; Professional Services; and Specialized Engineering Solutions to the Department of Defense, FAA, NRC and other federal agencies.

We strive to be an exciting and welcoming company that attracts, develops, motivates and retains the most talented, skilled and dedicated people in the industry; where they are encouraged to achieve personal excellence, purpose, and their full potential and career aspirations; while supporting mission-critical national security technologies and programs.

Oasis Systems is an equal opportunity employer and does not discriminate in hiring or employment on the basis of any legally protected characteristic including, but not limited to, race, color, religion, national origin, marital status, gender, sexual orientation, ancestry, age, medical condition, military veteran status or on the basis of physical handicap which, with reasonable accommodation, render the application to satisfactorily perform the job available.


Similar Jobs

Information Systems Security Manager IV

MIT Lincoln Laboratory

Posted 1 week ago

Security Services

The Security Services Department's overall mission is to ensure a safe and secure environment and protect MIT Lincoln Laboratory at all facilities in which staff members perform their mission of research and development. To accomplish this mission, this department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage; and safeguards personnel, classified and unclassified information systems, personal identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies.

Position Summary

The Information Systems Security Manager (ISSM) – IT IC Level IV will provide expert management of all information security support to several independent Laboratory programs assigned. The ISSM will be the primary focal point and have an in-depth knowledge of computer security principles, practices, and procedures in order to execute a comprehensive Information Security program to meet both internal and external requirements. The ISSM will apply security controls based on NIST 800-53 and Risk Management Framework guidelines that protect classified computer systems in a heterogeneous computer environment which could consist of any variation of Linux, Unix, Sun, Mac, or Windows systems. The ISSM will lead and manage daily responsibilities of assigned Information Systems Security Officers (ISSO). The ISSM will develop and maintain multiple System Security Plans (SSP) based on the Joint SAP Implementation Guide, ensuring systems are operated, maintained, and disposed of according to the approved SSP. The ISSM will conduct security compliance audits and perform security vulnerability assessments on Laboratory information systems. The ISSM will establish and maintain configuration management policies and procedures.

The ISSM will ensure users and ISSOs are subject to an effective information security education, training, and awareness program. The ISSM will facilitate assessment and authorization of new and existing systems. The ISSM will be able to implement and test IT security policies/procedures as part of a fully integrated IT security program. The ISSM will coordinate and participate in the investigation and mitigation of information system adverse incidents. The ISSM will assume ISSO responsibilities in the absence of the ISSO and must be able to respond to off-hour emergencies as needed. Must have demonstrated ability to follow up and solve problems. Position requires some local and overnight travel.

Requirements:

  • AS/BS degree in Computer Science, Information Technology, Computer Information Systems, or related field desired.

  • 8+ years of IT security experience in DoD Industrial Security is strongly desired, preferably in a compartmented program environment.

  • Technical experience and skills, course work completed towards a degree, and industry IT certifications may be considered substitutes for education and DoD security experience.

  • Ability to achieve DoD 8570 IAM Level III Baseline Certification within 6 months of appointment; preferably candidate possesses ISC2 CISSP.

  • Technical experience and skill securing operating systems such as Linux, Windows Server/client OS, virtualization technologies, and applying encryption standards.

  • Experience using vulnerability scanning tools such as NESSUS, SCAP, RETINA, SECSCN, WASSP

  • Experience using audit reduction tools and endpoint security products.

  • In-depth working experience directly related to assessment and authorization using any of the following:

      • NIST SP 800-37 / Risk Management Framework (RMF)

      • Joint SAP Implementation Guide (JSIG)

      • Intelligence Community Directive (ICD) 503

      • National Industrial Security Program Operating Manual (NISPOM) Chapter 8

      • Joint Air Force, Army, Navy (JAFAN) 6/3

  • Exceptional written and verbal communication skills.

  • Prior experience in working in a collaborative team environment desired.

  • The successful candidate will be subject to pre-employment investigation and must meet all eligibility requirements for access to classified information including compartmented programs.

  • The ability to obtain and maintain a government (DoD) security clearance is required. Preference will be given to candidate with an existing Top Secret clearance.

MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.

Requisition ID: 26343

MIT Lincoln Laboratory Lexington MA
