Applied Research Associates
Information System Security Manager (ISSM) (Entry/Mid-Level)
Applied Research Associates, Madison, Alabama, United States, 35756
Description
The Analytical Solutions Division (ASD) (https://www.ara.com/huntsville-alabama/) of Applied Research Associates (ARA), Inc (www.ara.com) has an exciting opportunity for a full-time
Information System Security Manager (ISSM)
on-site at our Huntsville, AL location. ISSM is responsible for overseeing security operations in compliance with the 32 CFR Part 117 National Industrial Security Program Operating Manual (NISPOM). Interface with the Defense Counterintelligence and Security Agency (DCSA), managing security policies, conducting assessments, and ensuring the integrity of security systems. Responsible for the planning, organization, maintenance, and compliance of multiple classified systems in accordance with NISPOM, risk management framework (RMF) requirements, and DCSA Assessment & Authorization Process Manual (DAAPM). Develop policy, guidance, and establish implementation and oversight plans to ensure compliance with Risk Management requirements. ISSM will also serve as the Facility Security Officer to handle personnel clearance processing and maintain facility clearance activities and provide administrative security support associated with the receipt, distribution, inventory, reproduction and disposition of classified material. For this position, ARA will only consider applicants with an active SECRET Security Clearance or higher. Position is not eligible for remote work schedule.
Collaborate with Project Managers (PMs) or Information System Owners (ISO) in maintaining current authorization to operate, and approval to connect for all systems and networks, and in implementing corrective actions identified in the plan of action and milestones
Conduct recurring Cybersecurity reviews on information systems in accordance with DoD RMF practices, DCSA Assessment and Authorization Process Manual (DAAPM), NIST 800-53 Special Publications, customer directives, and company policies as applicable.
Audit information systems to ensure compliance with security policies and procedures
Manage user access and conduct user briefings as required
Schedule mandatory Information System patching, updating, and scanning based on vulnerabilities and threats or regulatory compliance; maintain the day-to-day security posture and continuous monitoring for all systems
Investigate classified spills/incident response or other security-related incidents to DCSA and recommend corrective actions
Apply physical security concepts to maintain current Facility Clearance Level (FCL) and approved safeguarding
Manage the Access Control/Alarm System in accordance with DoD standards
Must Haves as an ISSM:
Must possess a U.S. Department of Defense (DoD) Secret security clearance with the ability to obtain Top Secret clearance
Must be a U.S. Citizen
2+ years' experience as NISPOM ISSO/ISSM
Experience with security assessment/hardening tools, i.e., STIGs, SCAP, GPO, NESSUS, etc.
Possess strong understanding of computer operating systems (Windows and Linux), software and computer hardware
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
Must be able to initiate communication with management and various government agencies for support and/or compliance requirements
Knowledgeable in all areas of security (physical, personnel, information, communication, insider threat etc.) specialties, concepts, principles, criteria, requirements, technology, tracking and electronic security practices
Knowledgeable of NISPOM and DCSA reporting requirements specifically in regard to security incidents and violations
Must have the following certificates, or must be completed within 6 months of hire:
FSO Program Management for Possessing Facilities Curriculum (IS030.CU),
ISSM Required Online Training DAAPM - 2.6 Program Risk Management Framework (CS100.CU),
CompTIA Continuous Monitoring (CS200.16),
Introduction to the Risk Management Framework (CS124.16),
Introduction to Industrial Security (IS011.16),
Introduction to Information Security (IF011.16),
Introduction to Personnel Security (PS113.16),
Introduction to Physical Security (PY011.16)
This will "WOW" us if you have the following:
Active DoD TS/SCI Clearance
Possess a DoD 8570 IAM-I level professional certification, Security + or CISSP
Proficient in IA Security specifications such as Risk Management Framework (RMF) and NIST SP 800-53
Working knowledge of eMASS application/DISS/NBIS
Please apply at careers.ara.com (https://recruiting.ultipro.com/APP1010ARAI/JobBoard/07442cec-d18e-4589-ab15-8342edc29af7/?q=&o=postedDateDesc&w=&wc=&we=&wpst=) for the
Information System Security Manager (ISSM)
position.
Qualifications
Behaviors
Preferred
Detail Oriented:
Capable of carrying out a given task with all details necessary to get the task done well
Dedicated:
Devoted to a task or purpose with loyalty or integrity
Functional Expert:
Considered a thought leader on a subject
Motivations
Preferred
Self-Starter:
Inspired to perform without outside help
Goal Completion:
Inspired to perform well by the completion of tasks
Ability to Make an Impact:
Inspired to perform well by the ability to contribute to the success of a project or the organization
Work-Life Balance:
Inspired to perform well by having ample time to pursue work and interests outside of work
Education
Preferred
Bachelors or better
Licenses & Certifications
Preferred
STEPP FSO PM for Poss Fac
Physical Security Prof
Intro to NISP C&A Process
IS Security Professional
Industrial Security Pro
Comp TIA Security+ Cert. Info. Sec. Manager
Cert Info Sys Secur Prof
Experience
Required
2-4 years: Direct Relevant NISPOM ISSO/ISSM or equivalent experience
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights (https://www.eeoc.gov/poster) notice from the Department of Labor.
The Analytical Solutions Division (ASD) (https://www.ara.com/huntsville-alabama/) of Applied Research Associates (ARA), Inc (www.ara.com) has an exciting opportunity for a full-time
Information System Security Manager (ISSM)
on-site at our Huntsville, AL location. ISSM is responsible for overseeing security operations in compliance with the 32 CFR Part 117 National Industrial Security Program Operating Manual (NISPOM). Interface with the Defense Counterintelligence and Security Agency (DCSA), managing security policies, conducting assessments, and ensuring the integrity of security systems. Responsible for the planning, organization, maintenance, and compliance of multiple classified systems in accordance with NISPOM, risk management framework (RMF) requirements, and DCSA Assessment & Authorization Process Manual (DAAPM). Develop policy, guidance, and establish implementation and oversight plans to ensure compliance with Risk Management requirements. ISSM will also serve as the Facility Security Officer to handle personnel clearance processing and maintain facility clearance activities and provide administrative security support associated with the receipt, distribution, inventory, reproduction and disposition of classified material. For this position, ARA will only consider applicants with an active SECRET Security Clearance or higher. Position is not eligible for remote work schedule.
Collaborate with Project Managers (PMs) or Information System Owners (ISO) in maintaining current authorization to operate, and approval to connect for all systems and networks, and in implementing corrective actions identified in the plan of action and milestones
Conduct recurring Cybersecurity reviews on information systems in accordance with DoD RMF practices, DCSA Assessment and Authorization Process Manual (DAAPM), NIST 800-53 Special Publications, customer directives, and company policies as applicable.
Audit information systems to ensure compliance with security policies and procedures
Manage user access and conduct user briefings as required
Schedule mandatory Information System patching, updating, and scanning based on vulnerabilities and threats or regulatory compliance; maintain the day-to-day security posture and continuous monitoring for all systems
Investigate classified spills/incident response or other security-related incidents to DCSA and recommend corrective actions
Apply physical security concepts to maintain current Facility Clearance Level (FCL) and approved safeguarding
Manage the Access Control/Alarm System in accordance with DoD standards
Must Haves as an ISSM:
Must possess a U.S. Department of Defense (DoD) Secret security clearance with the ability to obtain Top Secret clearance
Must be a U.S. Citizen
2+ years' experience as NISPOM ISSO/ISSM
Experience with security assessment/hardening tools, i.e., STIGs, SCAP, GPO, NESSUS, etc.
Possess strong understanding of computer operating systems (Windows and Linux), software and computer hardware
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
Must be able to initiate communication with management and various government agencies for support and/or compliance requirements
Knowledgeable in all areas of security (physical, personnel, information, communication, insider threat etc.) specialties, concepts, principles, criteria, requirements, technology, tracking and electronic security practices
Knowledgeable of NISPOM and DCSA reporting requirements specifically in regard to security incidents and violations
Must have the following certificates, or must be completed within 6 months of hire:
FSO Program Management for Possessing Facilities Curriculum (IS030.CU),
ISSM Required Online Training DAAPM - 2.6 Program Risk Management Framework (CS100.CU),
CompTIA Continuous Monitoring (CS200.16),
Introduction to the Risk Management Framework (CS124.16),
Introduction to Industrial Security (IS011.16),
Introduction to Information Security (IF011.16),
Introduction to Personnel Security (PS113.16),
Introduction to Physical Security (PY011.16)
This will "WOW" us if you have the following:
Active DoD TS/SCI Clearance
Possess a DoD 8570 IAM-I level professional certification, Security + or CISSP
Proficient in IA Security specifications such as Risk Management Framework (RMF) and NIST SP 800-53
Working knowledge of eMASS application/DISS/NBIS
Please apply at careers.ara.com (https://recruiting.ultipro.com/APP1010ARAI/JobBoard/07442cec-d18e-4589-ab15-8342edc29af7/?q=&o=postedDateDesc&w=&wc=&we=&wpst=) for the
Information System Security Manager (ISSM)
position.
Qualifications
Behaviors
Preferred
Detail Oriented:
Capable of carrying out a given task with all details necessary to get the task done well
Dedicated:
Devoted to a task or purpose with loyalty or integrity
Functional Expert:
Considered a thought leader on a subject
Motivations
Preferred
Self-Starter:
Inspired to perform without outside help
Goal Completion:
Inspired to perform well by the completion of tasks
Ability to Make an Impact:
Inspired to perform well by the ability to contribute to the success of a project or the organization
Work-Life Balance:
Inspired to perform well by having ample time to pursue work and interests outside of work
Education
Preferred
Bachelors or better
Licenses & Certifications
Preferred
STEPP FSO PM for Poss Fac
Physical Security Prof
Intro to NISP C&A Process
IS Security Professional
Industrial Security Pro
Comp TIA Security+ Cert. Info. Sec. Manager
Cert Info Sys Secur Prof
Experience
Required
2-4 years: Direct Relevant NISPOM ISSO/ISSM or equivalent experience
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights (https://www.eeoc.gov/poster) notice from the Department of Labor.