
Information System Security Manager (Remote Position)

CommandTec
Full-time
Remote
United States
Management & Leadership

TITLE: Information System Security Manager (ISSM)

POSITION DESCRIPTION: Information System Security Manager (ISSM) Technical Support

FLSA: Full-Time; Exempt

DEPT/UNIT: DHA HQ

LOCATION: Remote/Some Travel

WHO WE ARE:

CommandTec, LLC is an 8(a), Woman Owned Small Business (WOSB), Economically Disadvantaged Women-Owned Small Business (EDWOSB), Small Disadvantaged Business (SDB), Service-Disabled Veteran-Owned Small Business (SDVOSB), and Historically Underutilized Business (HUBZone), headquartered in Huntsville, AL. As a diversified professional services company, CommandTec takes great pride in providing a broad range of Intelligence, Training, Enterprise IT and Process Improvement solutions to US Government agencies and commercial customers.

JOB SUMMARY:

The Information System Security Manager (ISSM) will provide cybersecurity/ISSE services and Technical Support. The ISSM reports to the DHA FE FRCS Program Manager.

ESSENTIAL FUNCTIONS:

  • Maintain communication with Government lead in order to ensure the needs of the mission are being met. Receive guidance or direction from government lead when questions/issues arise.
  • Develop and maintain an organizational or system-level cybersecurity program of employees that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.
  • Ensure that IOs and stewards associated with DoD information received, processed, stored, displayed, or transmitted on each DoD IS and PIT system are identified in order to establish accountability, access approvals, and special handling requirements.
  • Maintain a repository for all organizational or system-level cybersecurity-related documentation.
  • Ensure that ISSOs are appointed in writing and provide oversight to ensure that they are following established cybersecurity policies and procedures (DoDI 8500.01, March 14, 2014, Enclosure 3).
  • Monitor compliance with cybersecurity policy, as appropriate, and review the results of such monitoring.
  • Ensure that cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations.
  • Ensure implementation of IS security measures and procedures, including reporting incidents to the AO and appropriate reporting chains and coordinating system-level responses to unauthorized disclosures in accordance with References for classified information or References for CUI, respectively.
  • Ensure that the handling of possible or actual data spills of classified information resident in ISs is conducted in accordance with applicable policies and guidance.
  • Act as the primary cybersecurity technical advisor to the AO for DoD IS, PIT, and MDE systems under their purview.
  • Ensure that cybersecurity-related events or configuration changes that may impact DoD IS, PIT, and MDE systems authorization or security posture are formally reported to the AO and other affected parties, such as IOs and stewards and AOs of interconnected DoD ISs.
  • Ensure the secure configuration and approval of IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or connection to a DoD IS, PIT, and MDE system.
  • Participate in project/site coordination meetings as requested by the ISSO to address technical questions and to develop points of contact. This includes collecting data and distributing RMF artifacts to support successful completion of DHA projects.
  • Review documentation, submittals, and status reports received from the ISSOs.
  • Review RPIE LVS, FRCS and IM/IT technical documents for accuracy, completeness, and consistency. Types of technical documents include, but are not limited to, performance work statements, design documents, requests for proposal, design and construction submittals, policy, standard operating procedures, criteria, and regulations.
  • Coordinate reviews and comments with DHA Facilities Enterprise Project Managers, DHA CSM planners and SMEs, USACE employees, Service Component staff, designers, constructors, IO&T contractors, and other stakeholders.
  • Review and provide recommendations for improvement to all project phases. Examples include, but are not limited to, DHA RPIE LVS, FRCS, and IM/IT recommended contract language and specification updates.
  • Contribute to technical documents that support the implementation of standardization across DHA FE. Such documents include, but are not limited to, performance work statements, requests for proposal, lessons learned documents, IM/IT/LVS functional processes, and the DHA FE FRCS Cybersecurity Procedures.
  • Support the capability to prepare and conduct training for all Planners, Project Managers, IO&T managers, and Facility Operations (FO) on their roles and responsibilities associated with the cybersecurity of RPIE LVS, FRCS and IM/IT.
  • Support the capability to conduct training for DHA Facilities Enterprise staff as required by the DHA Chief Engineer.
  • Perform additional duties and accept other responsibilities as may be assigned.