Information Systems Security Manager; ISSM Subject Matter Expert

To join our dynamic, professional team, review our list of jobs below to find the one that is the perfect fit for you.

If none of these are right for you right now, submit your application to the general consideration posting.

Job Title: Information Systems Security Manager (ISSM) Subject Matter Expert

Job Description: Sumaria Systems is seeking an Information System Security Manager (ISSM) to ensure system and application deliverables meet all required cyber security policies and regulations for the Technical Advisory and Assistance Services (TAAS) program at Hanscom AFB. This is a full-time position.

ISSM SME responsibilities include, but are not limited to:

• Manage the system/application Assessment and Authorization (A&A) efforts, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing DoD and Department of the Air Force policies (i.e., RMF).
• Develop and conduct a Continuous Monitoring plan in support of A&A activities to maintain ongoing awareness of cybersecurity, vulnerabilities, and threats to facilitate risk-based decision making.
• Maintain and report system assessment and authorization status and issues in accordance with DoD Component guidance.
• Participate in meetings/teleconferences, change control boards (CCBs) and working groups (WGs) to ensure the continued alignment of cybersecurity requirements in the technical baselines, the system security architecture, information flows, design, and the security controls.
• Evaluate system sources of changes such as Deficiency Reports (DRs), Problem Reports (PRs), Change Requests/Proposals (CRs/CPs), and AF Form 1067s; provide inputs to the root cause analysis reporting and the formulation of recommended solution from alternatives; determine the security impacts of proposed or actual changes to the system, environment, threats, and vulnerabilities; and if any, document in written reports the changes/revisions to the system’s RMF artifacts.
• Review and provide inputs to modification packages, program/system documents and support agreements updates, and communications and network infrastructure upgrades to ensure proper cybersecurity configuration modification management; implementation of technical, managerial, operational requirements; and support requirements (e.g. planning, testing, test infrastructure, documentation, training, etc.) are identified.
• Review system test plans and test results and if necessary, observe system testing for security control implementation IAW cybersecurity policies, guidance, and plan. Document findings in a report.
• Perform security impact analysis on any system change and appropriately prepare letters of assurance, security impact letters, and risk assessment letters to include exceptions, deviations, or waivers to cybersecurity requirements when applicable.
• Continuously monitor intelligence and open-source information for vulnerabilities affecting AFNWC/NCL systems, assess risk, and provide POA&M recommendations to ISSM and PM as required.
• Act as the primary cybersecurity technical advisor to Program Management and System Engineers for systems under their purview.
• Coordinate Trusted Systems and Networks (TSN) and Supply Chain Risk Management (SCRM) evaluation of program information, software, and hardware throughout the program life cycle.
• Ensure that cybersecurity-related events or configuration changes that may impact systems authorization or security posture are formally reported to the AO and other affected parties, such as IOs and stewards and AOs of interconnected DoD ISs.
• Ensure that cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations.
• Perform cybersecurity inspections, tests, and reviews.
• Ensure ISSMs are appointed in writing and provide oversight to ensure they are following established cybersecurity policies and procedures.
• Ensure that Information and System Owners associated with DoD information received, processed, stored, displayed, or transmitted on each system are identified to establish accountability, access approvals, and special handling requirements.
• Maintain a repository for all organizational or system-level cybersecurity-related documentation.
• Ensure implementation of IS security measures and procedures including reporting incidents to the appropriate reporting chains and coordinating system-level responses to unauthorized disclosures in accordance with DoD Manual 5200.01, Volume 3 for classified information or DoD Manual 5200.01, Volume 4 for Controlled Unclassified Information (CUI), respectively.
• Ensure handling of possible or actual data spills of classified information resident in ISs, are conducted in accordance with DoD 5200.01, Volume 3.
• Ensure the secure configuration and approval of IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or…