ITCON Services

Information Systems Security Manager (ISSM)

ITCON Services, Washington, District of Columbia, US, 20022

ITCON Services is looking for a bright, motivated Information Systems Security Manager (ISSM) to join our team.

An Information Systems Security Manager (ISSM) is responsible for the overall cybersecurity posture of information systems and programs, ensuring the confidentiality, integrity, and availability of data and protecting against threats. This role involves developing and implementing security policies, managing risk, conducting audits, overseeing security documentation like System Security Plans (SSPs), and ensuring compliance with relevant regulations and frameworks such as the Risk Management Framework (RMF).

Key Responsibilities of an ISSM:

Policy and Documentation Management:

Develop, implement, and maintain information systems security policies and procedures, including creating and updating SSPs, Risk Assessment Reports, and other security documentation for various systems, often under government and Intelligence Community (IC) frameworks.

Risk Management and Compliance:

Identify and assess risks, conduct vulnerability audits, and ensure compliance with government regulations, industry standards (e.g., NIST, DoD, FIPS), and customer requirements. This includes managing the RMF lifecycle for systems.

System Security Operations:

Oversee the day-to-day security operations of information systems, including managing security patching, antivirus updates, and media control, and ensuring proper security controls are implemented and followed.

Accreditation and Authorization:

Manage and maintain security authorizations, including the acquisition and renewal of Authorization to Operate (ATO).

Incident Response and Training:

Lead crisis units during security incidents and conduct security briefings, education, and training for employees to raise awareness of cybersecurity challenges and prevention measures.

Technical Oversight:

Provide technical and procedural advice on security matters, review security tool reports, and support security engineering projects.

Leadership and Coordination:

Lead and manage teams of Information System Security Officers (ISSOs), coordinate with various government agencies and stakeholders, and act as the primary cybersecurity authority for their assigned systems or programs.