Information System Security Manager (ISSM) 2
Location: Hanscom AFB, MA
Clearance: TS/SCI
Salary: $145,000 – $150,000
Sandy Mac Evolution LLC is seeking an experienced Information System Security Manager (ISSM) to support Department of Defense (DoD) Special Access Programs (SAP). The ISSM will serve as a principal advisor on all matters, technical and non-technical, related to the security of information systems under their purview. Primary support includes organizations such as Headquarters Air Force, Office of the Secretary of Defense, and other military compartmented efforts.
All applicants must apply through the Sandy Mac Evolution LLC (SME) website.
This position provides day-to-day support for Collateral, Sensitive Compartmented Information (SCI), and Special Access Program (SAP) activities.
Key Responsibilities
- Perform oversight of the development, implementation, and evaluation of information system security program policy, with emphasis on integration of existing SAP network infrastructures
- Develop and oversee operational information systems security implementation policy and guidelines for network security based on the Risk Management Framework (RMF), with emphasis on the Joint Special Access Program Implementation Guide (JSIG) authorization process
- Advise customers on RMF assessment and authorization (A&A) issues
- Perform risk assessments and provide recommendations to DoD agency customers
- Advise government program managers on security testing methodologies and processes
- Evaluate authorization documentation and provide written recommendations for authorization to government Program Managers
- Develop and maintain a formal Information Systems Security Program
- Ensure IAOs, network administrators, and cybersecurity personnel receive required technical and security training
- Develop, review, endorse, and recommend action by the Authorizing Official (AO) or Designated Authorizing Official (DAO) for system assessment documentation
- Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media
- Develop and execute security assessment plans that verify required protection-level controls are functioning
- Maintain a repository for all system authorization documentation and modifications
- Establish and implement Configuration Control Board (CCB) charter processes
- Develop policies and procedures for responding to security incidents, including investigating and reporting violations and incidents
- Ensure corrective actions are implemented when vulnerabilities or incidents are identified
- Ensure data ownership and responsibilities are defined for each authorization boundary, including accountability, access rights, and special handling requirements
- Develop and implement an information security education, training, and awareness program, including attending, monitoring, and presenting cybersecurity training
- Evaluate threats and vulnerabilities to determine whether additional safeguards are required
- Assess changes in systems, environments, and operational needs that may impact authorization status
- Ensure valid Authorization to Operate (ATO) determinations exist for all authorization boundaries under their purview
- Review Automated Information System (AIS) assessment plans
- Coordinate with Program Security Officers (PSO) or cognizant security officials on approval of external information systems (e.g., guest systems, interconnected systems)
- Conduct periodic assessments of the security posture of authorization boundaries
- Ensure configuration management (CM) is enforced for all security-relevant changes to software, hardware, and firmware
- Ensure periodic testing is conducted using intrusion detection and monitoring tools (shared responsibility with ISSOs)
- Ensure system recovery and reconstitution processes are developed and maintained based on availability requirements
- Ensure all authorization documentation is current and accessible to properly authorized individuals
- Ensure system security requirements are addressed during all phases of the system lifecycle
- Develop Assured File Transfers (AFT) in accordance with JSIG requirements
- Participate in self-inspections
- Perform ISSO duties when necessary or when an ISSO is not available
Special Requirements
- Mandatory: 5–7 years of related experience
- Desired: SAP experience
Education
- Bachelor’s degree (preferred) – counts as four years of experience
- Associate’s degree in a related field – counts as two years of experience
Experience / Certification Equivalents
- Security Fundamentals Professional Certification (SFPC) counts as one year of experience
- Special Program Security Certification (SPSC) counts as one year of experience
- Maximum equivalent experience for SPED certifications is three years total
Pay: $145,000.00 – $150,000.00 per year
Work Location: In person