Information Systems Security Manager (ISSM) at Antenna Research Associates, Inc.

Antenna Research Associates, Inc. · Billerica, United States Of America · Onsite

$150,000.00 - $160,000.00

Company Overview

ARA is a leading C5ISR company that designs, manufactures, tests and installs innovative technologies that provide the national security community with unparalleled situational awareness, threat detection, and communications capabilities.

Our disruptive, integrated solutions, assemblies and subsystems rise to the challenging demands of discerning, mission-critical customers.

We leverage our capabilities to meet and exceed the requirements of our customers and empower them to remain ahead of evolving threats and complexities in a dynamic security landscape.

Job Summary

As an Information Systems Security Manager (ISSM), you will develop and maintain classified and unclassified System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and Risk Assessment Reports (RARs) in accordance with 32 CFR Part 117 NISPOM Rule. This position is primarily on-site with occasional travel to other company locations. You will ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the SSP, customer DD254s and DCSA or other Government agency requirements.

Essential Functions

Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

  • Lead the company’s growing industrial security program.
  • Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies. 
  • Maintain operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed.
  • Manage the security aspects of the information system and ensure day-to-day security operations of the system.
  • Evaluate security solutions to ensure they meet security requirements for processing classified information.
  • Perform vulnerability/risk assessment analysis to support certification and accreditation; coordinate, prepare and track AIS inspections, reports and responses.
  • Ensure maintenance of AIS security records.
  • Advise on Co-Utilization Agreements, ensure configuration management (CM) for information system security software, hardware, and firmware.
  • Manage changes to the system and assess the security impact of those changes.
  • Prepare and review documentation to include Systems Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs). 
  • Support security authorization activities.
  • Support Facility Security Officer in industrial security program.
  • Support day-to-day information system security operations including hardware and software implementations.
  • Assist with the sanitization and relocation of equipment and manage hardware/software inventories.
  • Ensure technical administration of the Information System (IS) in accordance with internal and customer security requirements.
  • Develop and implement security policies, protocols, and procedures for classified systems.
  • Ensure regular internal security audits and assessments are conducted.
  • Document compliance actions within the accredited systems or develop a plan of actions and milestones (POA&M) with Management to address non-compliance in the allotted time frame.
  • Monitor for unusual activity and respond to security incidents. 
  • Participate in the company’s Insider Threat Working Group.
  • Assist with Cybersecurity Maturity Model Certification program. 
  • Coordinate with unclassified network IT staff with a focus on the latest cybersecurity trends and threats.
  • Provide training and support on classified security information system protocols to staff.
  • Prepare and present security status reports to management.
  • Ensure compliance with relevant legal and regulatory requirements.
  • Ensure vulnerability risk assessments are performed and mitigation strategies are recommended.
  • Collaborate with external auditors.
  • Develop and maintain System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and Risk Assessment Reports (RARs).
  • Execute RMF processes and procedures, including Continuous Monitoring of security controls.
  • Ensure the sanitization and relocation of equipment and manage hardware/software inventories.
  • Investigate and respond to security breaches.
  • Perform other security duties as required.

Position Qualifications

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.

Competency Statements

  • Adaptability - Adapts to change, open to new ideas and responsibilities
  • Communication - Ability to communicate thoughts clearly, both oral and written in an honest, open and timely manner
  • Job Knowledge - Understands facets of job, aware of duties and responsibilities, keeps job knowledge current
  • Technical Skill - Possesses the knowledge and skills needed to perform a job or role effectively
  • Dependability - Meets deadlines, works independently or in a team environment, is accountable, maintains focus, good attendance record
  • Quality - Strives to eliminate errors, accurate work is a priority, seeks opportunities to improve products
  • Ethics - Honest, accountable, maintains confidentiality
  • Initiative / Take Ownership - Takes action, seeks new opportunities, strives to see projects to completion, owns the job and sees it through
  • Decision Making - Solves problems and thinks critically, is able to reach a decision, takes a thoughtful approach when considering options, seeks input from others, makes difficult decisions
  • Customer Focus - Understands and can meet the needs in a customer-centric (Internal and External) environment and build strong relationships. Promotes a positive image of the company and strives to solve issues raised by customers

Experience and Skills

  • Current/Active DOD Top Secret clearance (adjudicated within the last six years)
  • Minimum of 5 years of experience in information security or related roles.
  • Knowledge of National Industrial Security Program Operating Manual (NISPOM) and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs)
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certification.
  • Experience in risk assessment, risk management and incident response.
  • In-depth knowledge of information security principles and practices.
  • Experience with industrial security compliance and regulatory requirements.
  • Ability to develop and implement security policies and procedures.
  • Ability to work independently and as part of a team.
  • Experience with JSIG configuration and documentation requirements.
  • Experience with generating system security authorization packages.
  • Strong attention to detail and organization skills.
  • Excellent analytical and problem-solving skills.
  • Strong organizational and multitasking abilities.
  • Must be a team player and able to work within all levels of management.
  • Experience with auditing environments with multiple operating systems and applications (Windows, Linux).
  • Strong oral and written communication skills.
  • Strong interpersonal and leadership skills.
  • Ability to lead initiatives of moderate scope and impact.
  • Effective problem identification and solution skills.
  • Proven analytical and organizational ability.

Education

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field

 

Antenna Research Associates, Inc. is an equal opportunity employer committed to a policy of non-discrimination and affirmative action. We do not discriminate based on race, color, religion, sex, national origin, disability, protected veteran status, or any other legally protected status.
