Information System Security Manager (ISSM) at ECS Federal (ECS Government Services)
ECS Federal (ECS Government Services) · Arlington, United States of America · Hybrid
- Professional
- Optional office in Arlington
ECS is seeking an Information System Security Manager (ISSM) to work in our Arlington, VA office.
ECS is seeking an experienced and highly motivated Information System Security Manager (ISSM) to support a team responsible for ensuring cybersecurity for an SIPR production network within the DoD community.
This role will oversee and ensure the security compliance of ECS Federal networks with Department of Defense policy. The ISSM will work closely with the Defense Contractor Security Agency (DCSA) and the Defense Information Security Agency (DISA) to ensure the IS stays in compliance with applicable policies and oversight.
The ISSM will lead the preparations and interactions with the government for system security assessments and ensure the IS maintains its Authority to Operate (ATO). The ISSM will manage the implementation of security policies, conduct risk assessments, and manage security controls and the Plan of Actions and Milestones (POAM). The ISSM is expected to advise senior management on cybersecurity issues, communicate security risks, and collaborate with technical teams and other stakeholders. The successful candidate is able to multitask; assume ownership and accountability of risks, issues, and tasks; and successfully manage and resolve those risks, issues, and tasks to completion. The successful candidate is also able to work well in a team-oriented environment; self-manage his/her own tasks; and provide hands-on guidance, direction, and mentoring to the technical team. Finally, the successful candidate is extremely well-organized, writes well, has a keen eye for detail, and can clearly articulate information (both orally and in writing) to customers, stakeholders, peers, and leadership within and external to the Program and organization.
Responsibilities:
- Implement and manage secure network architectures, customer information security (IS) requirements, operational concepts, and security authorization plans and procedures for assigned programs in compliance with the National Institute of Standards and Technology (NIST) Special Publication 800-53, the NIST Risk Management Framework SP 800-37, Committee on National Security Systems (CNSS) Instructions, the National Industrial Security Program Operating Manual (NISPOM), and the Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM).
- Apply technical expertise and have full knowledge of related disciplines by implementing technical solutions across various platforms.
- Prepare and maintain security Assessment and Authorization (A&A) documentation (e.g., IA SOP, SSP, RAR, SCTM); participate in system categorization; active experience with the Enterprise Mission Assurance Support Service (eMASS).
- Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate.
- Provide cybersecurity oversight, guidance, and training to all general and privileged users.
- Perform tasks related to the orchestration and compliance of Continuous Monitoring Plans (e.g., audit log review, security patching, software, and hardware configuration management).
- Perform system auditing, vulnerability risk assessments, Assured File Transfers, data integrity containments, and investigations on IA-related security violations/incidents.
- Conduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure all security features applied to a system are implemented and functional.
- Advise appropriate senior leadership or Authorizing Official of changes affecting the IS’s cybersecurity posture.
- Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
- Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
- Ensure that Plans of Actions and Milestones (POAM) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
*This is a hybrid role and requires at least 3 on-site days in office.