Electric Boat Groton , CT 06349
Posted 2 months ago
Overview
The Information System Security Manager (ISSM) position is responsible for the implementation of Risk Management Framework (RMF) activities required to support Information System (IS) assessment and authorization activities as part of the Electric Boat (EB) Cybersecurity Program. This position reports diretly to the Chief of Cybersecurity.
The successful candidate must possess sufficient understanding, knowledge, and experience to implement, enforce, and ensure compliance with RMF policies and procedures developed to meet the requirements of the National Industrial Security Program Operating Manual (NISPOM), Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM), Risk Management Framework (RMF) process, and National Institute of Standards and Technology [NIST] Special Publications [SP] 800-53 (NIST SP 800-53) on EB ISs. This position will work closely with EB Information System Owners, Information System Security Officers (ISSO), Cybersecurity Program Assurance Representatives, other ISSMs, and other program stakeholders.
This position requires a balance of technical knowledge and experience, with strong analytical, documentation, and reporting skills. Responsibilities include:
Supporting the development and maintenance of organization-wide Cybersecurity policies, procedures, templates, and associated education, awareness, and training products; organization-wide Risk Management Strategy, to include the Risk Assessment Report; and the organization-wide Continuous Monitoring (ConMon) Strategy
Developing and/or assessing system specific policies, procedures, templates, training, and other documentation to ensure alignment with the requirements of organization-wide policies and procedures
Coordinating, conducting, and documenting system specific ConMon activities; identifying, managing, and tracking system specific risks, to include vulnerabilities and other areas of non-compliance; and providing guidance on risk mitigation and remediation considerations and strategies
Processing POA&M Request Forms, Configuration Management Request Forms (CMRF), and Software Risk Assessments
Verifying Operating System (OS) and network device configurations, and ensure compliance with configuration standards and other technical requirements
Overseeing and supporting RMF activities performed by ISSOs
Leading assessment and authorization efforts for systems; developing and maintaining eMASS packages to include POA&Ms
Interfacing with various internal and external EB stakeholders
Providing guidance and support on security requirements and implementation
Supporting internal and external inspections and assessments
Other responsibilities as necessary to support RMF activities
Qualifications
Required Qualifications:
U.S. Citizenship
Ability to obtain and maintain a DoD SECRET clearance
Minimum of A.S. Degree (or higher) in Cybersecurity, Information Technology (IT), or Equivalent or related certifications AND 1+ year of working experience in an IT Admin / Cyber Analyst or related postition OR a minimum of a high school degree and 2+ years working experience as an ISSO/IT Admin or related experience
Technical understanding of Operating Systems, networks, and configuration standards
Working knowledge of the RMF process, and NIST SP 800-53 Controls with experience interpreting requirements
Preferred Qualifications:
5+ years within Cybersecurity field and related A.S./B.S. Degree (or higher) and certifications
Working knowledge of the NISPOM and DAAPM
Experience with Enterprise Mission Assurance Support Service (eMASS)
Two or more years of experience as an ISSM, ISSO, System/Network Engineer/Architect/Administrator, or in an Equivalent RMF role
Professional Cybersecurity certification (e.g. Security+, Network+, CISSP)
Skills
Strong analytical, problem solving, organizational, and time management skills
Ability to work independently and collaboratively as part of a multi-functional team in a fast paced and challenging environment
Ability to communicate effectively with all levels of the organization, as well as external stakeholders
Electric Boat