Information Systems Security Manager (ISSM) - 37741

Job Description

Huntington Ingalls Industries is looking for a qualified Information Systems Security Manager (ISSM) to support AFLCMC/WWGB, the Special Program Sustainment Branch located at Tinker AFB, OK. Must have an Active Top Secret/SCI security clearance, current within five years. Must have 12 months or more of experience in a SAP environment within the last five years.

Support is full time on base.

Security + certification

Certified Information Systems Security Professional (CISSP) Certified

10 Years experience.

Risk Framework Management

Framework (RMF) certification packages

Air Force Certification and Accreditation (C&A) Program

The ISSM shall ensure implementation of DoD, USAF, and MAJCOM policies and develop local processes and procedures for the effective execution of the WWGB Information Systems Security Support function. Work independently on tasks and exercise judgment in the execution of the following tasks:

• Develop and maintain a formal IS security program.
• Implement and enforce IS security policies.
• Review and endorse all IS accreditation/certification support documentation packages.
• Oversee all ISSOs to ensure they follow established IS policies and procedures.
• Review weekly bulletins and advisories that impact security of site information systems to include AFCERT, ACERT, NAVCIRT, IAVA, and DISA ASSIST bulletins.
• Ensure that periodic testing (monthly for PL-5 systems) is conducted to evaluate the security posture of the ISs by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs).
• Ensure that all ISSOs receive the necessary technical (e.g., operating system, networking, security management, SysAdmin) and security training (e.g., ND-225 or equivalent) to carry out their duties.
• Assist ISSOs to ensure proper decisions are made concerning the levels of concern for confidentiality, integrity, and availability of the data, and the protection levels for confidentiality for the system.
• Ensure the development of system accreditation/certification documentation by reviewing and endorsing such documentation and recommending action to the DAA Rep/SCO.
• Ensure approved procedures are in place for clearing, purging, declassifying, and releasing system memory, media, and output.
• Maintain, as required by the DAA Rep/SCO, a repository for all system accreditation/certification documentation and modifications.
• Coordinate IS security inspections, tests, and reviews.
• Investigate and report (to the DAA/DAA Rep/SCO and local management) security violations and incidents, as appropriate.
• Ensure proper protection and corrective measures have been taken when an IS incident or vulnerability has been discovered.
• Ensure data ownership and responsibilities are established for each IS, to include accountability, access and special handling requirements.
• Ensure development and implementation of an effective IS security education, training, and awareness program.
• Ensure development and implementation of procedures in accordance with configuration management (CM) policies and practices for authorizing the use of hardware/software on an IS. Any changes or modifications to hardware, software, or firmware of a system must be coordinated with the ISSM/ISSO and appropriate approving authority prior to the change.
• Develop procedures for responding to security incidents, and for investigating and reporting (to the DAA Rep/SCO and to local management) security violations and incidents, as appropriate.
• Serve as a member of the configuration management board, where one exists (however, the ISSM may elect to delegate this responsibility to the ISSO.)
• Have a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Access only that data, control information, software, hardware, and firmware for which they are authorized access and have a need-to-know, and assume only those roles and privileges for which they are authorized.

• Review weekly bulletins and advisories that impact security of site information systems to include AFCERT, ACERT, NAVCIRT, IAVA, and DISA ASSIST bulletins

• Must have at least 10 years of experience and working knowledge of system functions, security policies, technical security safeguards, and operational security measures.

• Certified Information Systems Security Professional (CISSP) Certified
• Security + certification desired
• Must have experience in coordinating IS security inspections, tests, and reviews.
• Must have 12 months or more of experience in a SAP environment within the last five years.
• Knowledge of Risk Framework Management (RFM)
• Air Force Certification and Accreditation (C&A) Program experience
• Must have experience in developing and maintaining a formal IS security program as well as knowledge in enforcing IS security policies.
• Review and endorse all IS accreditation/certification support documentation packages.