Corporate Information System Security Manager (ISSM)

Corporate Information System Security Manager (ISSM) Company Overview KODA is a people-first company recognized as a five-time winner of Huntsville's Best Places to Work Award, certified as a Great Place to Work, and a Best Place for Working Parents. KODA is a small business focused on solving complex engineering problems on national-priority projects in domains such as missile defense, hypersonics, DOD space, and civil space. Our expertise spans Radar and Missile Development, Multi-Domain Operations, Flight and Ground Test Planning and Execution, Tactical Data Link Testing, Test Range Instrumentation, Systems Engineering and Integration, Model and Simulation Development, and Digital Engineering/Model-Based Systems Engineering. The name KODA, a Native American word meaning 'allies', embodies our dedication to our customers and each other. Trust and integrity guide us in all we do. We prioritize our people, support national-priority missions, and give back to our community through the KODA Cares program. We offer competitive compensation, excellent benefits, and a commitment to professional growth. Join us and learn more at Position Overview KODA Technologies Inc. is seeking a full-time Corporate Information System Security Manager (ISSM) to oversee the implementation and continuous monitoring of the Risk Management Framework (RMF) and Cybersecurity Maturity Model Certification (CMMC) of KODA's Classified Information System and Corporate Information System. Duties/Responsibilities Oversee and manage the risk posture of the KODA classified AIS in accordance with the NIST 800-37 Risk Management Framework (RMF) process, working directly with Defense Counterintelligence & Security Agency (DCSA) Information System Security Professional (ISSP) to develop and implement the required strategy utilizing NIST 800-53 to accomplish KODA's missions. Maintain and monitor KODA's Cybersecurity Maturity Model Certification (CMMC) Level 2 certification in accordance with NIST 800-171 and DFARS View phone number on click.appcast.io. Chair KODA's RMF and CMMC Configuration Control Boards (CCB) and make risk determinations supporting KODA's current risk posture as defined by current authorizations. Maintain KODA's RMF and CMMC Continuous Monitoring (ConMon) Plans to maintain system accreditation compliance. Develop and implement Plan of Action & Milestones (POA&M). Work collaboratively with System Administrators to conduct Cyber Security (CS) Risk Assessment Reports (RAR) to develop mitigation, remediation, and monitoring strategies in compliance with National Industrial Security Program Operating Manual (NISPOM, 32 CFR, Part 117) and DCSA Assessment and Authorization Guide (DAAG). Implement all applicable controls associated with obtaining and maintaining RMF Authorities to Operate (ATO) IAW NIST 800-37. Manage and report DCSA required RMF efforts to DCSA Information Systems Security Professional (ISSP) and Security Control Assessor (SCA). Provide recommendations to the Senior Information Systems Officer (SISO), associated project Team Leads, and Facility Security Officer (FSO) for process enhancements for DCSA-accredited IS. Assist the SISO and FSO in the effective implementation, assessment, improvement, and management of the KODA Security Program. Act as the liaison between KODA Leadership and the corporate IT and Cybersecurity Managed Service Providers regarding vulnerability scanning, mitigations, risk acceptance and overall system security posture. Support KODA's oversight and performance of other corporate computing efforts as needed, including monitoring of Help Desk ticket status, new hire IT onboarding, system administration, and inventory of KODA and government-furnished property. Requirements Two-year or four-year degree in Computer Engineering, Computer Science, Information Systems Security/Assurance, or related field. 4+ years of ISSO experience or 2+ years of ISSM experience. 4+ years of Microsoft operating systems administration experience. 2+ years of experience with Assessment & Authorization (A&A) responsibilities, including ISSO, ISSM, policy development, control testing, POA&M management, and configuration management. Ability to obtain and maintain DoD 8140 IAM II certification. Experience with working with DoD tools, including Enterprise Mission Assurance Support Service (eMASS), SCAP, DISA STIGs and other monitoring tools. Experience with performing cybersecurity compliance standards, including NIST Controls and DISA STIGS. Experience with Systems Administration, Information Systems Auditing, Data Security Analysis and/or Network Administration. Experience with Microsoft Office products. Strong organizational, analytical, and problem-solving skills. Solid communication skills, both in written, verbal, and interpersonal skills. Ability to self-prioritize tasking and work multiple projects in tandem while meeting mission objectives and strict timelines. Ability to develop and maintain effective working relationships across the organization. Willingness to jump in and support various diverse IT-related tasks when needed to support the mission. Clearance Active Secret Clearance KODA Technologies Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, gender identity, sexual orientation, pregnancy, status as a parent, national origin, disability (physical or mental), family medical history or genetic information, political affiliation, military service, or other non-merit based factors. If you are unable to complete this application due to a disability, contact View email address on click.appcast.io to ask for an accommodation or an alternative application process. #J-18808-Ljbffr