Information System Security Manager (ISSM) 2

Location: Hanscom AFB, MA
Clearance: TS/SCI
Salary: $145,000 – $150,000

Sandy Mac Evolution LLC is seeking an experienced Information System Security Manager (ISSM) to support Department of Defense (DoD) Special Access Programs (SAP). The ISSM will serve as a principal advisor on all matters, technical and non-technical, related to the security of information systems under their purview. Primary support includes organizations such as Headquarters Air Force, Office of the Secretary of Defense, and other military compartmented efforts.

All applicants must apply through the Sandy Mac Evolution LLC (SME) website.

This position provides day-to-day support for Collateral, Sensitive Compartmented Information (SCI), and Special Access Program (SAP) activities.

Key Responsibilities

- Perform oversight of the development, implementation, and evaluation of information system security program policy, with emphasis on integration of existing SAP network infrastructures
- Develop and oversee operational information systems security implementation policy and guidelines for network security based on the Risk Management Framework (RMF), with emphasis on the Joint Special Access Program Implementation Guide (JSIG) authorization process
- Advise customers on RMF assessment and authorization (A&A) issues
- Perform risk assessments and provide recommendations to DoD agency customers
- Advise government program managers on security testing methodologies and processes
- Evaluate authorization documentation and provide written recommendations for authorization to government Program Managers
- Develop and maintain a formal Information Systems Security Program
- Ensure IAOs, network administrators, and cybersecurity personnel receive required technical and security training
- Develop, review, endorse, and recommend action by the Authorizing Official (AO) or Designated Authorizing Official (DAO) for system assessment documentation
- Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media
- Develop and execute security assessment plans that verify required protection-level controls are functioning
- Maintain a repository for all system authorization documentation and modifications
- Establish and implement Configuration Control Board (CCB) charter processes
- Develop policies and procedures for responding to security incidents, including investigating and reporting violations and incidents
- Ensure corrective actions are implemented when vulnerabilities or incidents are identified
- Ensure data ownership and responsibilities are defined for each authorization boundary, including accountability, access rights, and special handling requirements
- Develop and implement an information security education, training, and awareness program, including attending, monitoring, and presenting cybersecurity training
- Evaluate threats and vulnerabilities to determine whether additional safeguards are required
- Assess changes in systems, environments, and operational needs that may impact authorization status
- Ensure valid Authorization to Operate (ATO) determinations exist for all authorization boundaries under their purview
- Review Automated Information System (AIS) assessment plans
- Coordinate with Program Security Officers (PSO) or cognizant security officials on approval of external information systems (e.g., guest systems, interconnected systems)
- Conduct periodic assessments of the security posture of authorization boundaries
- Ensure configuration management (CM) is enforced for all security-relevant changes to software, hardware, and firmware
- Ensure periodic testing is conducted using intrusion detection and monitoring tools (shared responsibility with ISSOs)
- Ensure system recovery and reconstitution processes are developed and maintained based on availability requirements
- Ensure all authorization documentation is current and accessible to properly authorized individuals
- Ensure system security requirements are addressed during all phases of the system lifecycle
- Develop Assured File Transfers (AFT) in accordance with JSIG requirements
- Participate in self-inspections
- Perform ISSO duties when necessary or when an ISSO is not available

Special Requirements

- Mandatory: 5–7 years of related experience
- Desired: SAP experience

Education

- Bachelor’s degree (preferred) – counts as four years of experience
- Associate’s degree in a related field – counts as two years of experience

Experience / Certification Equivalents

- Security Fundamentals Professional Certification (SFPC) counts as one year of experience
- Special Program Security Certification (SPSC) counts as one year of experience
- Maximum equivalent experience for SPED certifications is three years total