Information System Security Manager (Issm)

Description & Requirements

Maximus is seeking an Information System Security Manager (ISSM) to support our customer out of Colorado Springs, Colorado.

• This position is contingent upon award*

Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS034, T4, Band 7

Duties & Responsibilities

• Conduct comprehensive assessments of security controls within information systems (IS) to determine compliance and effectiveness, including pre-site, on-site, and post-assessments.

• Coordinate and perform pre-assessments, reviewing and evaluating the Body of Evidence (BoE) for completeness, identifying threats, vulnerabilities, and non-compliance areas.

• Execute formal on-site security control assessments, document findings in the Security Control Traceability Matrix (SCTM), and produce the Security Assessment Worksheet (SAW).

• Prepare and submit detailed Security Assessment Reports (SARs) within 30 days of on-site visits, providing thorough analysis and recommendations.

• Evaluate the effectiveness of Continuous Monitoring Plans, providing quarterly briefings on system compliance.

• Support the development and implementation of IS security program policies, advising on assessment and authorization issues, and assisting with the evaluation of authorization packages.

• Assist in assessing the Plan of Action and Milestones, proposed changes to authorization boundaries, and evaluating the security impact of hardware and software.

Minimum Requirements:

• Active TS/SCI with the willingness and ability to obtain CI Polygraph.

• Must meet requirements as listed in DoD 8140.03.

• A BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution.

• -OR- possess and maintain one of the following industry recognized certifications related to this role per the DoD Cyber Workforce Framework and DoD Manual 8140.03: CISM or CISSO or FITSP-M or GCIA or GCSA or GCIH or GSLC or GICSP or CISSP-ISSMP or CISSP.

• 8 years' experience of cybersecurity support for classified networks.

• Minimum 5-8 years of SCAR network assessment or DoD Risk Management Framework (RMF) support experience.

• Ability to obtain one of the following certifications, at customer discretion, within 180 days: CISM or CISSO or FITSP-M or GCIA or GCSA or GCIH or GSLC or GICSP or CISSP-ISSMP or CISSP.

• Ability to meet travel requirements per customer. CONUS and OCONUS travel are estimated to be 25% or more.

Preferred Skills and Abilities:

• 5 years of SCAR network assessment experience.

• In-depth knowledge of the RMF process and NIST 800 document series.

• Demonstrated history of leading and providing guidance to others.

• Demonstrated history of developing and maintaining an Information Security Program and Policies.

• Demonstrated history of performing pre and post assessment activities as outlined in the Joint Special Access Program Implementation Guide (JSIG) and NIST 800.53.

Minimum Requirements

TCS034, T4, Band 7

#techjobs #clearance

EEO Statement

Active military service members, their spouses, and veteran candidates often embody the core competencies Maximus deems essential, and bring a resiliency and dependability that greatly enhances our workforce. We recognize your unique skills and experiences, and want to provide you with a career path that allows you to continue making a difference for our country. We're proud of our connections to organizations dedicated to serving veterans and their families. If you are transitioning from military to civilian life, have prior service, are a retired veteran or a member of the National Guard or Reserves, or a spouse of an active military service member, we have challenging and rewarding career opportunities available for you. A committed and diverse workforce is our most important resource. Maximus is an Affirmative Action/Equal Opportunity Employer. Maximus provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status.

Pay Transparency

Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.