Information System Security Manager
Listed on 2026-02-16
IT/Tech
Cybersecurity, Information Security
Overview
Leidos' Chief Information Security Office, reporting through our Digital Modernization Sector, has an opening for an Information Systems Security Manager (ISSM) in our Omaha, NE office. In this role, you will oversee DCSA-approved Collateral Information Systems and OSI-approved Information Systems, thereby maintaining accreditation throughout the system lifecycle. You will serve as the Subject Matter Expert (SME) within the Information Assurance (IA) technical domain, supporting enclaves across the enterprise.
This position oversees day-to-day information system security operations and may manage junior Information System Security Officers (ISSOs), resolve complex problems, and develop innovative solutions to meet changing security requirements. The ideal candidate must be able to work with a team of analysts, information technology management and staff, and site management.
Location: On-site in Omaha, NE.
Clearance: You must be a US Citizen and currently hold a Secret clearance to be considered for this role.
- Develop and lead Information Security projects from conceptualization to full deployment and user acceptance.
- Create comprehensive training programs on information assurance, data security, cybersecurity best practices, and relevant policies and procedures.
- Design training materials, including manuals, operating procedures, and presentations, and assign online courses and other resources.
- Coordinate technical training on security tools, software, and technologies used within the organization to enhance the skills of IT staff and other relevant personnel.
- Develop and lead training on responding to security incidents, including reporting procedures, containment, eradication, recovery, and post-incident analysis.
- Implement and manage the Risk Management Framework (RMF) Continuous Monitoring process by utilizing an automated ticketing system, ensuring accurate tracking, monitoring, and reporting of security controls, vulnerabilities, and remediation efforts within the organization's information systems.
- Continuously monitor, analyze, and respond to Information System network and security events.
- Document compliance activities in accordance with the governing authority-approved authorization package.
- Support the maintenance of system accreditation packages, including SSPs, CONOPS, security control evidence, POA&Ms, and continuous monitoring documentation.
- Develop procedures and documentation to ensure compliance with Configuration Management (CM) for security-relevant Information System (IS) software, hardware, and firmware.
- Facilitate CCB meetings; assess security impacts of proposed changes; document change requests, approvals, and implementation evidence.
- Ensure systems are operated, maintained, and disposed of in accordance with the governing authority-approved authorization package and customer directives.
- Evaluate proposed changes or additions to the information system and advise senior site leadership of the security relevance.
- Develop and conduct cybersecurity education and training; mentor other information assurance professionals in cybersecurity and secure software development practices.
- Participate in internal/external security audits/assessments/inspections, coordinating corrective actions as necessary; participate in the risk management process; perform risk assessments and Continuous Monitoring.
- Lead investigations of computer security violations and incidents; report as necessary to the Facility Security and Senior Program Managers.
- Ensure proper protection and/or corrective measures have been taken when an incident or vulnerability has been discovered.
- Work with the Facility Security Officer (FSO) to develop, implement, and manage a formal Information Security/Information Systems Security Program.
- Develop, implement, and enforce information security policies and procedures.
- Author, review, and update IS Authorization documentation (Body of Evidence) to support IS Assessment and Authorization activities.
- An active DoD Secret clearance is required for consideration.
- Bachelor’s degree in an IT-related subject matter area from an accredited college or university and 8+ years of experience in an operational cyber security-specific role (e.g., information system security manager, information system security officer, cyber security specialist) or 12+ years in an IT-related position with at least 10 years in an operational cyber security-specific role.
- At least 5 years of IA Cyber management experience.
- Detailed understanding of the RMF, NIST, and CNSS cyber security requirements and guidance, and cyber security risk management techniques.
- Working knowledge in maintaining compliance with NISPOM and DCSA Assessment and Authorization processes for classified information systems.
- Familiarity with network technologies (LAN & WAN) and best practices within a classified environment, including crypto and key management.
- Working knowledge of Microsoft Windows (workstation &…