Information Systems Security Manager
Company: BAE Systems USA
Location: Sterling
Posted on: March 18, 2023
Job Description:

What's it like to be a part of an innovative company protecting and securing what is important and valuable to us? Amazing! Join BAE Systems Intelligence and Security (I&S) sector and be a part of an innovative team who solves some of the most complex technical challenges.

We are looking for **Information Systems Security Managers (ISSMs)** to join a team of Cybersecurity professionals responsible for safeguarding the customer enterprise, monitoring the security posture of customer tools and systems, and evaluating baseline and changes to ensure compliance and maintain secure critical information technology (IT) systems.

**As an ISSM, you will:**

+ develop and maintain plans, instructions, guidance, and standard operating procedures concerning the security of IT systems operations
+ support compliance activities and provide continuous validation of the enterprise security posture
+ monitor security findings and recommendations and ensure remediation plans are in place for vulnerabilities identified as part of the risk mitigation process
+ participate in security risk assessments as part of the Security Assessment and Authorization process
+ coordinate cybersecurity inspections, tests, and reviews for enterprise IT systems

**An ideal candidate will:**

+ advise senior management on policy standards and implementation strategies to ensure compliance with security policies, guidance, and procedures and to protect critical IT systems
+ identify IT systems specific security requirements across all phases of the System Life Cycle
+ practice continuous evaluation, validation, and implementation of improvement actions as needed
+ review non-compliance to determine patterns and the impact on risk level efficacy of the enterprise's cybersecurity program

**Candidate should have a working knowledge of:**

+ cybersecurity principles and specific operational impacts of cybersecurity lapses
+ computer networking concepts and protocols, network architecture, and network security methodologies
+ system life cycle management principles, including security and usability
+ current industry methods for performing security assessments and authorization processes (including achieving Certification to Field (CtF) and Authority to Operate (ATO))
+ handling protocols for sensitive and classified information, and procedures for information compromise
+ Risk Management Framework (RMF) requirements
+ incident response and handling methodologies
+ enterprise incident response program, roles, and responsibilities

**More senior ISSMs may also:**

+ act as primary contact for the prime and/or customer regarding status of ongoing risk mitigation activities, findings, and implementation of remediation efforts
+ supervise or manage corrective actions and mitigation efforts when a cybersecurity incident or vulnerability is discovered
+ advise senior management or Authorizing Official on risk levels and changes affecting the organization's cybersecurity posture
+ oversee program compliance with customer information security training and awareness requirements
+ serve as point of contact for accurate and timely dissemination of incident and other Computer Network Defense information to external organizations as appropriate

**Required Education, Experience, & Skills**

Education/Equivalent:

+ Associate degree in Computer Science, Engineering, or related technical discipline OR equivalent experience and training from the DoD 8140 Training Repository OR 1 of the following certifications:
+ Intermediate: CAP or CASP or CCISO or CCSP or CISM or CISSP or Cloud or SSCP
+ Advanced: CISSP-ISSMP or GSLC

Certification Requirement:

+ Intermediate/Advanced levels require IAT/IAM/IASAE Level 3 (or higher) certification (e.g. CASP CE, CISA, CISSP (or Associate), GCED, GCIH, CISM, GSLC, CISSP-ISSAP, CISSP-ISSEP)
+ Entry levels require IAT/IAM/IASAE Level 2 (or higher) certifications (e.g. CAP, CASP, CASP CE, CCNA-Security, CISM, CISSP (or Associate), CSSLP, GICSP, GSEC, GSLC, Security CE, SSCP)

Experience:

+ 5 years of experience as ISSM and related roles such as ISSO, ISSE, SCA, DOAR, etc.
+ 2 years of hands-on experience with cybersecurity governance and methodologies
+ (At least 3 years of relevant roles and 2 years of hands-on experience for entry level applicants)

Experience must include:

+ creating policies reflecting system security objectives
+ determining how a security system should work (resilience and dependability) and how it is affected by changes to itself and the environment in which it operates

**Preferred Education, Experience, & Skills**

+ Bachelor's degree in Computer Science, Engineering, or related technical discipline
+ AND IAT Level 3 certification (e.g. CASP CE, CISA, GCED, GCIH)
+ CISSP-ISSMP or GSLC certification
+ 10 years of experience as ISSM and related roles such as ISSO, ISSE, SCA, DOAR, etc.
+ 4 years of hands-on experience with cybersecurity governance and methodologies

**Information Systems Security Manager**

**88709BR**

EEO Career Site Equal Opportunity Employer. Minorities, females, veterans, individuals with disabilities, sexual orientation, gender identity, gender expression
Keywords: BAE Systems USA, Sterling, Information Systems Security Manager, Executive, Sterling, Virginia