What are the responsibilities and job description for the Information Systems Security Manager position at NT Concepts?
As an Information Systems Security Manager (ISSM) on our solutions delivery team, you will have the unique opportunity to work on programs advancing the digital transformation of critical government systems. This program will support one of our intelligence customers in Tysons Corner, VA.
Mission Focus:
As a Google Premier Partner, NT Concepts is supporting Google in their response to the DoD and Intelligence Community (IC) need for a variety of agile, high performance data centers and cloud services; specifically, the IC’s Commercial Cloud Enterprises (C2E) and the DoD’s Joint Warfighter Cloud Capability (JWCC). NT Concepts will be providing managed IT services in direct support of the newly designed and constructed cloud provisioning network Operations Centers (OC). There will be four (4) OCs, each operating independently, that will have workstations tethered to dedicated server/network rooms. Each OC will support one or more customers; two at the SECRET level and two at the TOP SECRET level. One set of OCs will be for the DoD and one set will be for the IC. Each requires managed IT support services, on a 24x7 basis, across all four of the air-gapped OCs. NT Concepts will be part of the OC team starting with design, continuing with implementation, activation and throughout sustainment.
Join us as we enable DoD and IC mission modernization. Enter on the ground floor. Be a part of getting it right and doing it right.
Clearance: TS/SCI with Polygraph
Location: 100% on-site. Tysons Corner, Virginia.
Responsibilities:
- Develop and maintain a formal Information System (IS) security program and policies for assigned areas of responsibility;
- Provide technical and procedural IS Security advice to government and fellow team members.
- Develop and oversee operational IS security implementation policy and guidelines;
- Coordinate with PSO or cognizant security official on approval of External Information Systems (e.g., guest systems, interconnected system with another organization);
- Oversee ISSOs under their purview to ensure they follow established IS policies and procedures;
- Assume ISSO responsibilities in the absence of the ISSO; maintain required IA certifications;
- Ensure System Administrators (SA) monitor all available resources that provide warnings of system vulnerabilities or ongoing attacks;
- Ensure all ISSOs receive the necessary technical and security training (e.g., operating system, networking, security management) to carry out their duties;
- Ensure approved procedures are used for sanitizing and releasing system components and media;
- Maintain a repository of all security authorizations for IS under their purview;
- Coordinate IS security inspections, tests, and reviews;
- Ensure proper measures are taken when an IS incident or vulnerability is discovered;
- Ensure data ownership and responsibilities are established for each IS, and specific requirements (to include accountability, access and special handling requirements) are enforced;
- Ensure development and implementation of an effective IS security education, training, and awareness program;
- Ensure CM policies and procedures for authorizing the use of hardware/software on an IS are followed. Any additions, changes or modifications to hardware, software, or firmware must be coordinated with the appropriate AO prior to the addition, change or modification;
- Serve as a voting member of the Configuration Control Board (CCB) and/or the Risk Executive Board, if applicable. The ISSM shall have authority to veto any proposed change they feel is detrimental to security. Appeals on an ISSM/ISSO veto may be taken to the AO. The ISSM may elect to delegate this responsibility to the ISSO;
- Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures;
- Manage, maintain, and execute the information security continuous monitoring plan;
- Ensure a record is maintained of all security-related vulnerabilities and ensure serious or unresolved violations are reported to the AO/DAO;
- Assess changes to the system, its environment, and operational needs that could affect the security authorization.
- Develop concept of operations for new information systems
- Physical Security
- Ensure SAP facilities are built to ICD-705 or O-5205.07, Volume 3 specifications
- Work with industry partners to ensure physical security measures are met and compliant with applicable DoD policy
- Conduct annual and biannual physical self-inspections
- Coordinate with local PSO and SSO for any updates or changes to current facility
Qualifications:
- LCAT required years of experience: 8
- Degree required: Bachelor’s degree or equivalent experience (4 years)
- Certifications:
- Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level II or Information Assurance Manager III and/or CISSP CSSP Manager (CISM or CISSP-ISSMP or CCISO) within 3 months of the date of hire.
- Skills/Knowledge
- Experience controlling, labeling, virus scanning, auditing tools, and secure data transfer between information systems.
- Demonstrated knowledge and use of the following regulations: JAFAN 6/0; JAFAN 6/3; DCID 6/3; Joint DoDIIS/Cryptologic SCI Information Systems Security Standards; DoD 5105.21 M-1; Sensitive Compartmented Information Administrative Security Manual; ICD 503 Regulations (Computer Security), knowledge of "New" Risk Management Framework (RMF) processes (NIST Special Publication (SP) 800-53A, Revision 5, Assessing Security and Privacy Controls in Information Systems and Organizations).
- Proficiency with DoD O-5205.07, Volume 3; ICD-705 and applicable DoD physical security manuals and directives
Physical Requirements:
- Prolonged periods sitting at a desk and working on a computer
- Must be able to lift up to 10-25 pounds at a time
COVID Protocol(s):
GSS personnel must be fully vaccinated against COVID-19 and retain a copy of their vaccine documentation in case it needs to be checked (subject to local laws).
The host facility’s US vaccine policy requires that all individuals entering our physical workspaces be fully vaccinated against COVID-19 or have an approved accommodation or state law exemption.