
Posted: Monday, July 3, 2017 2:15 PM

The Information Systems Security Manager (ISSM) is responsible for maintaining and enforcing all Information System Security policies, standards, and directives to ensure accreditation and certification of information systems processing US government classified information. The position requires in-depth working knowledge of and experience with multiple government directives, i.e. NISPOM Chapter 8, National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), and comparable industry standards.

Job responsibilities include:

• Establishes, documents, implements, and monitors the IS Security Program and related procedures for the facility and ensures facility compliance with requirements for IS
• Authors and maintains documentation supporting the Assessment & Authorization (A&A) of assigned systems in accordance with the Risk Management Framework (RMF) under the JSIG and NISPOM; performing security control assessments as part of the systems' Continuous Monitoring Plan
• Oversees configuration management of assigned systems; works with IT organization to develop device and system hardening guides following DISA and NIST guidelines; auditing systems to ensure security posture integrity
• Conducts periodic hardware/software inventory assessments
• Identifies system security controls shortcomings and developing POA&Ms
• Serves as lead for remediating control deficiencies
• Conducts, documents and reports annual self-assessments
• Maintains operational information security posture for a system, program, or enclave; investigating security incidents such as data spills, data integrity and malicious events; authoring and delivering security education training to range of audience levels
• Supervisory responsibilities for assigned Information System Security Officers (ISSOs)
• Ensures the development of facility procedures to:
    • Govern marking, handling, controlling, removing, transporting, sanitizing, reusing, and destroying media and equipment containing or exposed to classified information
    • Properly implement vendor supplied authentication features or security-relevant features
    • Report IS security incidents to DSS and ensures proper protection or corrective measures have been taken when an incident/vulnerability has been discovered
    • Require that each IS user sign an acknowledgment of responsibility for the security of the IS
    • Implement security features for the detection of malicious code, viruses, and intruders (hackers), as appropriate

Qualifications:

• Bachelor's degree from an accredited college in a related discipline with 10 years' experience
• CISSP, CISM, or GSLC certification required (DoDI 8570.01 IAM III)
• Active DoD TOP Secret security clearance
• 6+ years' experience as an ISSO overseeing or managing cybersecurity on classified systems under JSIG, NISPOM Ch8, ICD 503, and/or NIST 800-53
• 6+ years' experience developing, managing, providing evidence to close POA&Ms associated with the A&A and project management processes
• 6+ years' experience with Cisco equipment and Microsoft operating systems
• 6+ years' experience interpreting vulnerability scanning results (preferably Nessus or Tenable Security Center)
• 6+ years' experience reviewing workstation, server, firewall, & IPS logs

Preferred Additional Skills:

• Exceptional verbal, written, interpersonal and presentation skills, customer relationship building skills, analytical skills and ability to lead/mentor teammates
• Experience leading ISSOs and small teams
• Experience with Linux is a plus
• Flexibility to adjust to changing requirements, schedules, and priorities
• Previous experience with DSS C&A process
• High level of personal motivation and initiative to learn and acquire new skills
• Able to work individually as well as part of a team
• Excellent time management skills
• Active DoD TOP Secret security clearance


• Location: Rochester

• Post ID: 27809283