Cyber Security Information System Security Manager

What You'll Do

The Information System Security Manager (ISSM)/Alternate ISSM (AISSM) is responsible for executing CNS's risk management program and implementing the Risk Management Framework across both classified and unclassified networks. The ISSM/AISSM is an expert in Assessment and Authorization (A&A) of Federal information systems,technology risk assessments, and the National Institutes of Standards and Technology (NIST) Cybersecurity Framework; and has broad knowledge in Information Technology (IT), Operation Technology (OT), Industrial Control Systems (ICS), and cybersecurity operations. The ISSM/AISSM works closely with the Cybersecurity Policy Advisor to ensure effective implementation of cybersecurity policy across the CNS enterprise, and is responsible for providing technical leadership to the Information System Security Officers (ISSOs) and Security Control Assessors (SCAs). Successful candidates for this role will be expected to stay up to date on the latest cybersecurity risks and threats, and provide subject matter expertise (SME) within the CNS organization on IT/cybersecurity security risks and proper mitigations.

• Advise senior management on risk levels and security posture
• Advise senior management on cost/benefit analysis of information security programs, policies, processes,systems, and elements
• Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture
• Collect and maintain data needed to meet system cybersecurity reporting
• Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders
• Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance
• Ensure that security improvement actions are evaluated, validated, and implemented as required
• Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment
• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies
• Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk
• Participate in the acquisition process as necessary, following appropriate supply chain risk management practices
• Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate

What You Can Expect

Minimum Job Requirements

Preferred Job Requirements

• Knowledge of Risk Management Framework requirements and process
• Ability to work with CISO to establish cyber metrics to gauge program effectiveness and perform internal audits and assessments
• Ability to manage compliance activities to support the contractor assurance program
• Ability to support the CISO and other cyber security personnel to ensure implementation of the cybersecurity program remains in compliance with DOE/NNSA and NIST requirements
• Ability to evaluate and approve development eff orts to ensure that baseline security safeguards are appropriately installed
• Hold at least one of the following certifications: Certified Information Systems Security Professional (CISSP),Global Information Security Professional (GISP), or the Comp TIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DOD Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency
• Knowledge of the DOE/NNSA cyber work environments, exposure to levels of leadership, customer, NNSA sites
• Knowledge of current and emerging threats/threat vectors
• Knowledge of business continuity and disaster recovery continuity of operations plans
• Knowledge of system life cycle management principles, including software security and usability
• Knowledge of DOE/NNSA mission and DOE cyber security program requirements
• Knowledge of ITIL framework
• Knowledge of and ability to adhere to Federal and industry-standard software quality assurance practices
• Ability to train and mentor others to develop and update system baselines and threat models for deployment and risk acceptance decisions
• Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations
• Ability to work semi-autonomously, strong decision making, time management, and customer service skills
• Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures

Why Pantex and Y-12?

You get #morethanajob. We encourage employees to achieve a healthy personal balance among home, work and the community. One of the ways we embrace work-life balance is by offering flexible work arrangements that provide alternatives to the traditional workweek, while still meeting business needs. Top talent and personal commitment mean more to our success than any other factors, so we reward our people with the kinds of benefits that make a positive difference in the quality of their lives. Benefits such as: medical plan, prescription drug plan, vision plan, dental plan, employer matched 401(k) savings plan, disability coverage, education reimbursement and many more. Want to stay healthy and fit but hate the cost of a gym membership? Take advantage of one of our onsite workout facilities and eat healthy in our onsite cafeterias. Much more than a workplace, at Pantex and Y-12, you can build a career that lasts a lifetime.

Notes