Information Systems Security Manager - 31446 in Oklahoma City, OK at Alion Science and Technology

Date Posted: 12/7/2019


Job Description

Alion Science and Technology is looking for an energetic Information Systems Security Manager (ISSM) to support the special programs sustainment branch at Tinker AFB, OK.

The ISSM manages the cyber security program. The ISSM establishes, documents, and monitors an operating unit’s cyber security program implementation plan, and ensures compliance with DoD management policies. Candidates must possess a working knowledge of cyber security policies and technical cyber security protection measures. The ISSM also serves as the authorizing officer for all of an operating unit's cyber security issues.  

Twelve months or more of experience in an SAP environment within 5 years

Certified Information Systems Security Professional (CISSP) Certified

Security+ Certified

Perform Risk Management Framework (RMF) activities leading to system RMF acceptance in support of the requirements of established DoD RMF guidance (DoDI 8510.01), which includes:

  • System categorization
  • Selecting security controls
  • Implementing security controls
  • Assessing security controls
  • Monitoring security controls
  • Documentation development, review, updates at each phase
  • Interaction with accepted certification data system
  • Framework (RMF) certification packages. 
  • Coordination of activities with Engineering Directorate IT Management Branch
     
Activities will comply with, but are not limited to, the following:
  • DoDI 8500.01 – Cybersecurity
  • DoDI 8510.01 – Risk Management Framework for DoD Information Technology
  • DoD 8570.01M – Information Assurance Training, Certification, and Workforce Management
  • NIST 800-series Special Publications (SP), Computer Security
  • AFI 33-200 – Information Assurance Management
  • AFI 33-210 – Air Force Certification and Accreditation (C&A) Program
     

Knowledgeable of activities that comply with certification and accreditation (C&A), DIACAP or RMF accreditation package and artifact generation to enable Authority to Operate (ATO) on AF networks.  Provide analytical support for the development and submission of C&A documentation packages in compliance with the DIACAP or RMF requirements. The position will apply knowledge of technology, analyze the security implications of systems and applications security, and provide recommendations to decision-makers and engineers, providing experience-based advice and assistance to facilitate C&A efforts.

  • Work with DoD clients in certification and accreditation (C&A) activities per the RMF process.
  • Support the client during team meetings and one-on-one on the completion of C&A documents.
  • Perform technical security guidance in all phases of system accreditation requirements ensuring they are coordinated and communicated across the participant activities. 
  • Perform risk and vulnerability analysis, Cybersecurity vulnerability management compliance and reporting. 
  • Ensure designs meet applicable security technical implementation guides (STIGs)
  • Research, interpret, and provide technical policy guidance pertinent to information and system security.
  • Provide cradle to grave support for an RMF package.
  • Perform system C&A planning, assessment validation, testing, and liaison activities
  • Review Configuration Control Board items for compliance with security requirements
  • Walk the RMF accreditation package through levels of approval with minimal supervision.
  • Support the preparation, submission and maintenance of various RMF authorization artifacts, e.g., Trusted Facility Manuals, System Security Plans (SSP), Security Concept of Operations (CONOPS), Security Requirements Traceability Matrix (SRTM),  Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and other security related documentation.
  • Perform verification and validation and provide guidance on mitigating risks to systems. 
  • Develop and execute C&A schedules, develop and modify C&A documentation, work with engineers to analyze the information assurance (IA) architecture of IT systems for compliance with DoD policies, analyze and execute test plans, and assess the IA risk of IT systems, documenting them in formal risk assessments.
  • Ensure RMF packages/artifacts are accurate and complete.
  • Implement and enforce IT security policies and procedures
  • Perform system/network accreditation activities using established DoD policies
  • Review IT security requirements to determine impact on existing procedures
     

Additional Requirements and Knowledge:

  • Review weekly bulletins and advisories that impact security of site information systems to include AFCERT, ACERT, NAVCIRT, IAVA, and DISA ASSIST bulletins.
  • Ensure that periodic testing (monthly for PL-5 systems) is conducted to evaluate the security posture of the ISs by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs).
  • Ensure that all ISSOs receive the necessary technical (e.g., operating system, networking, security management, Sys Admin) and security training to carry out their duties.
  • Assist ISSOs to ensure proper decisions are made concerning the levels of concern for confidentiality, integrity, and availability of the data, and the protection levels for confidentiality for the system.
  • Ensure the development of system accreditation/certification documentation by reviewing and endorsing such documentation and recommending action to the DAA Rep/SCO.
  • Ensure approved procedures are in place for clearing, purging, declassifying, and releasing system memory, media, and output.
  • Maintain, as required by the DAA Rep/SCO, a repository for all system accreditation/certification documentation and modifications.
  • Coordinate IS security inspections, tests, and reviews.
  • Investigate and report (to the DAA/DAA Rep/SCO and local management) security violations and incidents, as appropriate.
  • Ensure proper protection and corrective measures have been taken when an IS incident or vulnerability has been discovered.
  • Ensure data ownership and responsibilities are established for each IS, to include accountability, access and special handling requirements.
  • Ensure development and implementation of an effective IS security education, training, and awareness program.
  • Ensure development and implementation of procedures in accordance with configuration management (CM) policies and practices for authorizing the use of hardware/software on an IS. Any changes or modifications to hardware, software, or firmware of a system must be coordinated with the ISSM/ISSO and appropriate approving authority prior to the change.
  • Develop procedures for responding to security incidents, and for investigating and reporting (to the DAA Rep/SCO and to local management) security violations and incidents, as appropriate.
  • Have a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
  • Access only that data, control information, software, hardware, and firmware for which they are authorized access and have a need-to-know, and assume only those roles and privileges for which they are authorized.

Security Clearance: Top Secret/Sensitive Comp Info
