Information Systems Security Manager; On-Site

The Information Systems Security Manager will plan, implement and manage security measures to safeguard computer systems, networks and data. Serve as facility ISSM by maintaining system security plans for Department of Defense (DoD) programs. Provide business and technical knowledge to analyze and implement security policies and procedures for CMMC compliance.

• Perform oversight of the development, implementation and evaluation of information systems security program for assigned programs in compliance with NISPOM, DAAPM, DCID 6/3, JAFAN 6/3, ICD 503, and JSIG RMF.
• Prepare and maintain security Assessment and Authorization documentation (e.g., IA SOP, SSP, RAR, and SCTM) including participation in system categorization.
• Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate.
• Apply cyber security standards, directives, guidance and policies to special programs classified computing environments.
• Perform tasks related to compliance of Continuous Monitoring (Con Mon) Plans (e.g., audit log review, security patching, software and hardware configuration management).
• Investigate security incidents to include data spills, data integrity incidents, and malicious code incidents.
• Ensure system security measures comply with applicable government policies, provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
• Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, and ensure that all security features applied to a system are implemented and functional.
• Manages Risk Management Framework (RMF) processes, product development and product maintenance for assigned systems.
• Knowledge and ability to implement and maintain a Risk Management Framework as mandated by NIST 800-37, NIST 800-53, and supporting policy.
• Experience administering the system functions including security policies and account management of Microsoft Windows and Server as well as Linux/Unix-based systems.
• Generate and maintain required IS and CMMC security documentation including Corporate Policies, Systems Security Plans (SSP), Continuous Monitoring Plans, Security Control Traceability Matrices, Risk Assessments, Plan of Action & Milestones (POA&M), equipment specifications, practices and procedures.
• Perform CMMC application and accreditation duties, develop and implement continuous monitoring strategies, and enhance company best practices related to the IT Security posture.
• Maintains and builds business and technical knowledge to analyze and implement security strategies in accordance with best practices and industry requirements.
• Perform other duties as assigned to drive the vision, fulfill the mission, and abide by the value of this organization.

• Excellent customer service skills, clear communication, a passion for technology and a positive attitude.
• Detail-oriented individual with the ability to read, write, and follow policy and procedure.
• Ability to work in a highly visible role with daily interactions with multiple roles.
• Strong analytical skills.
• Familiarity with NIST Special Publications and applying controls to a corporate environment strongly desired.
• Familiarity with CMMC programs.
• Strong self-management skills and ability to adjust as needed to meet shifting priorities.
• Proven project management skills with ability to bring projects to resolution.
• Demonstrated ability to work with multiple groups to accomplish a goal.
• Strong RMF knowledge.

• Bachelor's degree (preferred) in Computer Science or related field
• 5 + years' experience in security risk and systems auditing
• Experience evaluating enterprise infrastructure including, Windows OS, networks, firewalls, VPN, messaging gateways, servers and applications in the context of vulnerabilities and potential security misconfigurations
• Experience implementing technology with security requirements and specific contracts including documenting and writing procedures
• US Secret Security clearance or ability to obtain a government security clearance within 90 days required.

• Office Environment:
  Requires physical capability to work in an office environment including sit/stand up to 9 hours a day and use basic office tools such as a computer, copier/printer, etc. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Hours:
  
  7:00 AM - 5 PM Monday - Thursday;
  Friday 7:00 AM - 4 PM with additional hours as needed to meet demand. Occasional off-shift hours may also be required to provide support to operations. 9/80 work schedule.
• Office located in Lititz, PA, with occasional visits to Lancaster facility.