Journeyman Information Systems Security Manager; ISSM

To join our dynamic, professional team, review our list of jobs below to find the one that is the perfect fit for you.

If none of these are right for you right now, submit your application to the general consideration posting.

Job Title: Journeyman Information Systems Security Manager (ISSM)

Job Description: Sumaria Systems is seeking an Information System Security Manager (ISSM) to ensure system and application deliverables meet all required cyber security policies and regulations for the Technical Advisory and Assistance Services (TAAS) program at Hanscom AFB. This is a full-time position.

• Support system/application Assessment and Authorization (A&A) efforts, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing National, DoD, and Department of the Air Force policies (i.e., RMF).
• Recommend policies and procedures to ensure the reliability of and accessibility to information systems and to prevent and defend against unauthorized access to systems, networks, and data.
• Conduct risk and vulnerability assessments and inspections of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
• Evaluate threats and vulnerabilities to information systems to ascertain the need for additional safeguards.
• Evaluate system sources of changes such as Deficiency Reports (DRs), Problem Reports (PRs), Change Requests/Proposals (CRs/CPs), and AF Form 1067s; provide inputs to the root cause analysis reporting and the formulation of recommended solution from alternatives; determine the security impacts of proposed or actual changes to the system, environment, threats, and vulnerabilities; and if any, document in written reports the changes/revisions to the system’s RMF artifacts.
• Review and provide inputs to modification packages, program/system documents and support agreements updates, and communications and network infrastructure upgrades to ensure proper cybersecurity configuration modification management; implementation of technical, managerial, operational requirements; and support requirements (e.g. planning, testing, test infrastructure, documentation, training, etc.) are identified.
• Review system test plans and test results and if necessary, observe system testing for security control implementation in accordance with cybersecurity policies, guidance, and plan.
• Perform security impact analysis on any system change and appropriately prepare letters of assurance, security impact letters, and risk assessment letters to include exceptions, deviations, or waivers to cybersecurity requirements when applicable.
• Continuously monitor intelligence and open-source information for vulnerabilities affecting systems, assess risk, and provide POA&M recommendations.
• Promote awareness of security issues among management and ensuring sound security principles are reflected in organizations’ visions and goals.
• Conduct systems security monitoring, evaluations, audits, and reviews.
• Recommend systems security contingency plans and disaster recovery procedures.
• Recommend and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.
• Participate in network and systems (to include cryptographic) design to ensure implementation of appropriate systems security policies.
• Facilitate the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes.
• Assess security events to determine impact and implementing corrective actions.
• Ensure the rigorous application of cybersecurity and cryptographic policies, principles, and practices throughout the system development lifecycle.
• Author, monitor, and record system information in applicable databases.
• Prepare and record system, security status, and portfolio management information into the Air Force Information Technology Investment Portfolio Suite (referred to as ITIPS) for FISMA;
  Security, Interoperability, Supportability, Sustainability, Usability (SISSU);
  Clinger Cohen Act; and other statutory…