DCATS - Information System Security Manager

US-VA-Fort Belvoir
Job ID: 2017-1747
# of Openings: 1
Clearance Requirement: S
Education Requirement: Bachelor's Degree
Certifications: Security+ CE, CISSP, CISM, or GSLC
Experience Level: Senior
8570 Compliant: IAT 2

Overview

SMS is a fast-growing, veteran-owned business that has supported the Federal Government's IT initiatives for over four decades. We work side-by-side with our Federal clients as a trusted, long-term partner to offer innovative advice and leadership to solve their most pressing and complex problems. We orchestrate people, strategies, technologies and best-of-breed business processes. The SMS advantage in management and technology consulting includes deep domain expertise in complex networking design and unifying communities of interest.

 

We have strong capabilities in design & build, planning, governance, quality management, security, analytics, virtualization, operations and business process improvement. For 40 years, SMS has brought customer satisfaction to Federal clients and formed lasting alliances with leading technology companies and talented small businesses to deliver joint, leading-edge, cost-effective services and products. 

Submit your resume today!

Responsibilities

Senior-level engineer with experience providing knowledge, techniques and/or capabilities related to system IA, certification and accreditation (C&A), documentation, security testing and vulnerability remediation. The candidate will support the certification and accreditation process for administering the Risk Management Framework (RMF) program. The candidate must also have experience managing IT or IA related projects that required extensive and simultaneous documentation and coordination across multiple customers.

 

Essential Job Functions:  For each assigned system with the support, authority, and resources to satisfy the responsibilities established in DoDI 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT). In accordance with DoDI 8500.01, Cybersecurity, the ISSM needs to be assigned in writing. The PM should ensure that the designated ISSM has the support, authority, and resources to satisfy the responsibilities established in DoDI 8500.01. Assignment of a qualified ISSM is one of the most important steps and should be accomplished as early as possible to ensure that applicable cybersecurity requirements are addressed in the system architecture and detailed design.

 

DoD Directive 8570.01, Information Assurance Training, Certification, and Workforce Management, current edition, provides guidance for the identification and categorization of positions and certifications of personnel conducting cybersecurity functions within the DoD workforce and should be used for selecting an ISSM. As the PM’s agent for ensuring compliance with DoD cybersecurity policies and regulations, the ISSM’s roles and responsibilities include:

  • Ensure compliance with cybersecurity requirements in accordance with DoD and DoD Component cybersecurity and information assurance policies and guidance
  • Support the PM in development of a POA&M and budget that addresses the implementation of cybersecurity requirements throughout the lifecycle of the system

  • Identify a cybersecurity team; the PM can designate the ISSM to chair a Cybersecurity (may be called Information Assurance) Working-level Integrated Product Team (WIPT) or sub-WIPT, executed under the authority of the Systems Engineering WIPT

  • Support implementation of the RMF

  • Maintain and report systems assessment and authorization status and issues in accordance with DoD Component guidance

  • Provide direction to the Information System Security Officer (ISSO) in accordance with DoDI 8500.01

  • Coordinate with the organization’s security manager to ensure issues affecting the organization's overall security are addressed appropriately

  • Continuously monitor the system or information environment for security-relevant events and configuration changes that negatively affect security posture

  • Periodically assess the quality of security controls implementation against performance indicators, such as: security incidents; feedback from external inspection agencies, e.g., Office of the Inspector General (OIG) DoD, Government Accountability Office (GAO); exercises; and operational evaluations, including Director, OT&E cybersecurity assessments

  • Immediately report any significant change in the security posture of the system, and recommended mitigations, to the Security Control Assessor (SCA) and AO

  • Recommend to the SCA or AO a reassessment of any or all security controls at any time, as appropriate

  • Ensure that SSE processes are aligned to, and adequately documented in, the program’s SEP and PPP, and are executed with sufficient rigor to ensure required security controls are implemented, resulting in the lowest level of residual risk to system operation

  • Ensure that cybersecurity inputs to program acquisition documents are prepared

  • Ensure that the program’s contractual documents, such as specifications, statements of work, or Contract Data Requirements Lists (CDRLs) incorporate appropriate cybersecurity language and requirements

  • Support SETRs by ensuring that entry and exit criteria include cybersecurity and are satisfied, and that design documentation meets the specified cybersecurity requirements

  • Ensure that security controls and requirements are properly allocated and documented in design specifications, technical publications and manuals, etc.

  • Ensure security controls and requirements are properly allocated and implemented in logistics or program planning documents

  • Ensure that security controls and requirements have been communicated and appropriately resourced by program budget documents and are reflected in the program’s requirements database

  • Ensure that integrated logistics support documentation (e.g., LCSP) incorporates cybersecurity considerations throughout the lifecycle of the system


Qualifications

  • 5-8 years of progressively responsible IT security consulting experience including recent experience with RMF
  • Candidates should have technical experience in all of the following areas: network infrastructure (Cisco), Microsoft Windows Server 2012 R2, UNIX/Linux (SUN/Red Hat) or database (Oracle/MS SQL 2012).
  • Individual must have a high degree of skill with the MS Office toolsets
  • Applicant must possess refined critical-thinking skills; should be a self-starter who may direct the activities of other team members; and should be diplomatic, capable of multitasking, adaptive to a dynamic environment, dependable and reliable.
  • Prior experience in a government consulting services environment is required

Education
Bachelor’s degree in a Business Management or MIS-related field. Advanced degree is preferred.

 

Certifications

CISSP, CCNA

 

Clearance

Must have and maintain an active DoD Secret security clearance

 

 

SMS is an Equal Opportunity Employer. 

 

SMS is a veteran-owned network integrator established in 1976.  With an employee retention rate averaging over 5 years, our ability to hire quality people and retain them in a rapidly evolving IT market proves why we are a world-class information technology company. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices. As a result, SMS is proud to be ISO 9001:2008 Registered and a CMMI Level 3 certified company, ensuring that we continue to meet and exceed the expectations of our customers, partners and employees.  
