Information Systems Security Manager

Responsible for overseeing the development, implementation, and maintenance of an organization's information security program. This role involves managing a team of security professionals, ensuring compliance with security policies and regulations, and mitigating security risks. Key responsibilities include conducting risk assessments, developing security strategies, and coordinating incident response efforts. The ISSM Level 3 must have strong leadership skills, extensive experience in information security, and a deep understanding of security frameworks and compliance requirements. Proficiency with security tools and technologies, excellent communication skills, and the ability to work collaboratively with cross-functional teams are essential for this role. Additionally, the ISSM Level 3 is expected to stay current with emerging security threats and industry trends to continuously improve the organization's security posture.

The job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change, or new ones may be assigned at any time with or without notice.

Please Note: U.S. Citizenship is required.

ROLES AND RESPONSIBILITIES:

Responsibilities and duties may include, but are not limited to:

• Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
• Generate and maintain required information security documentation including Systems Security Plans (SSP), Information Assurance Standard Operating Procedures (IA SOP), Continuous Monitoring Plans, Security Control Traceability Matrices (SCTM), Risk Assessments, Plan of Action & Milestones (POA&M), equipment specifications, practices, and procedures
• Maintain customer-required Information Assurance (IA) certifications (i.e. CISSP, Security+, etc.)
• Maintain day-to-day security posture and continuous monitoring of classified ISs
• Schedule, oversee execution, and maintain records of required Information System (IS) auditing, patching, maintenance, software/hardware changes, and scanning based on evolving threat/vulnerabilities and customer compliance requirements
• Develop and conduct test procedures for verification Assessment and Authorization (A&A), Risk Management Framework (RMF) safeguards to meet customer requirements based upon NISPOM, DAAPM, JSIG and related NIST publications
• Employ customer-approved procedures for sanitizing and releasing system components and media
• Maintain a repository of security authorizations for ISs under the office's purview
• Assess changes to an IS by performing periodic self-inspections, tests, and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed; ensure corrective actions are taken for identified findings and vulnerabilities
• Maintain a working knowledge of IS functions, security policies, technical security safeguards, and operational security measures
• Coordinate with Facility Security Officer (FSO) and Contractor Program Security Officers (CPSO) to define, implement, and maintain information security policies, strategies, and procedures
• Implement policies and procedures for responding to security incidents, and for investigating and reporting security violations and incidents
• Ensure the development, documentation, and presentation of classified IS security education, awareness, and training activities
• Must be a team player and be able to work within all levels of a project team
• Excellent time management, scheduling, and organizational skills
• Ability to work well independently as well as follow detailed instructions for completing task
• Capable of conducting independent research, evaluation, and suggestion of recommendations on the acquisition of IA tools and security application software to satisfy the accreditation requirements in support of the organization's mission and workplace efforts to include methods of conducting non-traditional Cybersecurity Test & Evaluation and Independent Assessments
• Routinely engage with Govt technical representative + tech leads for our teammates and subcontractors
• Acts as a resource/mentor for colleagues with less experience

REQUIRED SKILLS:

• Knowledge of federal security requirements and mandates (e.g., RMF, FIPS, NIST)
• Excellent oral and written communication skills
• Strong organizational and time management skills
• Ability to manage multiple tasks concurrently
• Ability to work independently and follow detailed instructions
• Team player with the ability to work within all levels of a project team
• Experience using security hardening, collection, and assessment tools (e.g., SCAP, Nessus, SIEM)
• Strong Microsoft Windows background with some knowledge of UNIX/LINUX
• Knowledge of various computer software applications, hardware platforms, networking components, and LAN/WAN architecture
• Familiarity with security procedures in a SCIF/SAPF environment

REQUIRED COMPETENCIES:

All MTSI employees are required to be skilled in the following core competencies:

• Collaboration/Teamwork: Engages others across roles through communication and mutual respect, shares insights, enabling effective teamwork to ensure collective success. (teamwork)
• Technical and Functional Skills: Leverages technical and functional expertise to deliver high performance, addresses challenges, and supports business needs while pursuing continuous skill development. (domain knowledge)
• Entrepreneurialism: Fosters innovation, evaluates ideas, and advances initiatives with sound judgment and organizational awareness to drive growth and impact. (innovation)
• Communication: Communicates clearly and effectively, fostering understanding, collaboration, and alignment through active listening and impactful messaging. (effective communication)
• Customer Focus: Prioritizes customer needs, builds trust, and delivers exceptional service by using insights to drive improvements and strengthen relationships. (customer insight)

QUALIFICATIONS:

• Bachelor's degree in Computer Science, Information Technology, Information Security, or related field
• Five (5) years of experience working in an IA-related field
• CompTIA Security+ or higher-level DoD 8570.01/8140.03 certification
• DIA Xacta training
• Certification in one or more of the following: ISC2 Certified Information Systems Security Professional(CISSP), ISC2 Certified in Governance Risk & Compliance (CGRC), ISC2 Systems Security Certified Practitioner (SSCP), ISACA Certified Information Security Manager (CISM), GIAC Industrial Cyber Security Certification (GICSP), GIAC Security Essentials (GSEC), GIAC Cyber Security Leadership (GSLC), CompTIA Cybersecurity Analyst + Certification (CySA+), or CompTIA Advanced Security Practitioner + (CASP+)
• Experience with Linux operating system (RedHat Enterprise Linux)
• Experience working both independently and as a team to accomplish short notice, high priority tasks directed by senior leadership
• Experience applying problem solving techniques to complex government problems related to adapting enterprise solutions to tactical systems and devices
• Experience with external systems and procurement of hardware-Experience working with Defense Counterintelligence and Security Agency (DCSA)
• Extensive experience with Xacta solutions-Experience with security architectures, firewalls, and network access
• Experience with risk managed downloads, IS sanitization and destruction, PEDs, contaminations, incident response, virus scanning, privileged user access, and hardware/software configuration management
• Experience with A&A documentation and system authorization artifacts

PHYSICAL REQUIREMENTS:

• Frequent sitting for long periods using computer keyboard, zoom conferencing, Microsoft teams, telephone etc.
• Regular standing and walking to file documents, make copies, meet with leaders / employees in other parts of the building etc.
• Keyboarding: Entering text or data into a computer or other machine by means of a traditional keyboard(traditional keyboard refers to a panel of keys used as the primary input device on a computer, typographic machine, or 10-key numeric keypad)
• Work is performed in an office environment and requires the ability to operate standard office equipment
• Some work (less than 5%) may require moving and lifting of heavy objects

TRAVEL: 10%

CLEARANCE: An active TS/SCI is preferred or the ability to obtain a TS/SCI clearance.

#LI-BG1