Information System Security Manager

ADDMAN Engineering
Full-time
Remote
United States
Description

POSITION SUMMARY:

Responsible for the administration and coordination of the DOD, DOE, or other industrial security programs and activities to ensure compliance with government and company security policies and procedures.


ESSENTIAL JOB FUNCTIONS:

  • Develops and administers security programs and procedures for classified or proprietary materials, documents, and equipment in coordination with government agencies and management personnel.
  • Establish, document, implement, and monitor the Information System (IS) Security Program and related procedures for the facility.
  • Ensure Information System (IS) compliance in accordance with the Risk Management Framework (RMF), National Industrial Security Program Operating Manual (NISPOM) and the DSS Assessment and Authorization Process manual (DAAPM).
  • Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for IS personnel, users, and others, as appropriate.
  • Conduct self-inspections to ensure that the IS function is operating as accredited and that accreditation conditions have not changed.
  • Ensure the development of facility procedures to govern marking, handling, controlling, removing, transporting, sanitizing, reusing, and destroying media and equipment containing classified information.
  • Report IS security incidents to the Facility Security Officer, ensuring that proper protection or corrective measures have been taken when an incident or vulnerability has been discovered.
  • Implement and monitor security features for the detection of malicious code, viruses, and intruders (hackers), as appropriate or needed. Inform the Customer, U.S. Government Defense Security Service, and FSO of security-relevant changes to accredited information systems as required.
  • Responsible for developing and maintaining an IS security audit and accountability program.
  • Responsible for the oversight and continued training and education of Information System Security Officer(s) (ISSO).
  • Responsible for GSC quarterly updates and presentations.
  • Other related duties as assigned by supervisor or FSO.
  • Follow all Company policies and procedures
Requirements

SKILL REQUIREMENTS:

  • Experience formulating plans, policies, procedures, and other documentation required to manage the operation of protection functions and activities
  • Working knowledge of the Risk Management Framework (RMF), National Industrial Security Program Operating Manual (NISPOM) and the DSS Assessment and Authorization Process manual (DAAPM).
  • Working knowledge of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 controls, based on NIST SP 800-53r4, as they are mapped to the corresponding NISPOM and RMF references.
  • Working knowledge of SCAP and STIG Viewer.
  • Experience/Knowledge of the following Operating Systems:
    • Microsoft Windows Server 2019 and above
    • Microsoft Windows 10 and 11 Professional
  • Highly proficient with Microsoft Word, Excel, PowerPoint, and Outlook
  • Proven analytical and problem-solving experience
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Excellent written, oral, and interpersonal communication skills.
  • Ability to present ideas in a business-friendly and user-friendly (non-technical) language
  • Highly self-motivated and directed
  • Team-oriented mentality and skilled in working within a collaborative environment
  • Experience providing construction recommendations to facilitate accreditation
  • Excellent oral and written communication skills 
  • In-depth working knowledge of the National Industrial Security Program Operating Manual (NISPOM) and proficiency in using DISS

QUALIFICATIONS:

  • Bachelor's (or equivalent) with 7+ years of experience
  • Current Top-Secret Clearance
  • Must have working knowledge of 32 CFR 117 as well as experience working in DoD Government systems of record, including DISS and NISS
  • Preferred certifications that meet the basic requirement for Information Assurance Manager (IAM) Level II, per DoD 8570.01-M:
  1. ISC2 Certified Authorization Professional (CAP)
  2. ISC2 Certified Information System Security Professional (CISSP (or Associate))
  3. ISACA Certified Information Security Manager (CISM)
  4. CompTIA Advanced Security Practitioner (CASP)
  5. GIAC Security Leadership (GSLC)

WORK ENVIRONMENT:

  • This is an office position that may require sporadic visits to the production floor to communicate with team members on an as-needed basis.
  • Flexible remote work available occasionally, dictated by company needs. 

PHYSICAL DEMANDS:

  • Ability to accomplish the physical requirements of the position with or without reasonable accommodation.

SAFETY AND POLICY PRACTICES:

Each employee must be knowledgeable of standard safety policies and procedures and adhere to the same while supporting the goals and objectives of the organization and recognizing the Company’s need to achieve its business objectives. Each employee is responsible for complying with company hazardous waste disposal procedures.



AFFIRMATIVE ACTION:

ADDMAN Engineering is proud to be an Equal Opportunity Employer of Minorities, Women, Protected Veterans, and Individuals with Disabilities. All terms and conditions of employment will be administered without regard to an individual’s sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected veteran status, or any other characteristic protected by applicable law.


NOTE: This job description is intended to describe the general level of work being performed. This job description is not intended to be all-inclusive. The duties of this position may change from time to time, and the employee may perform other related duties to meet the ongoing needs of the organization. ADDMAN Engineering reserves the right to add, delete or modify these duties and responsibilities at its discretion. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position. Employment is at-will, and nothing in this job description is intended to create or imply a contractual relationship or alter the at-will status of the employee.