Information System Security Manager (ISSM)

Company: BAE Systems
Location: Sterling
Posted on: May 16, 2022

Job Description:

Join BAE Systems' Intelligence and Security sector and be a part of a team that enables our employees to support our customers and their missions. We are seeking an Information System Security Manager (ISSM) to join the security team in our Sterling, Virginia facility. The ISSM is the primary point of contact between the organization and the Cognizant Security Agency (CSA) on all aspects of Information Technology (IT) systems; security, risk management, assessment, and authorization. The ISSM is responsible for ensuring security principles, procedures, and practices under the Risk Management Framework (RMF) are applied to information system. As an ISSM you will work in coordination with Senior Security Management, Customer Representatives, Program Managers, Information System Security Officers (ISSO), and System Administrators (SA) to maintain a strong information security posture. Your work will ensure information systems maintain compliance with applicable security directives and standards, such as ICD 503, NIST, CNSSI, and NISPOM.The site ISSM is as a member of the corporate security team and may be called-on to assist the team with other security related duties, such as self-inspections, investigations, user-training, interpreting & applying corporate policy, etc. In the future the Sterling ISSM may become a direct supervisor of Information System Security Officers (ISSO).The BAE Systems' Sterling facility is located near the intersection of the Dulles Toll Rd (Rt. 267) andSully Rd (Rt. 28).Occasional local travel may be required for work or training purposes - less than 5%.The responsibilities of an ISSM include, but aren't necessarily limited to:Manage Information Assurance Program at the BAE Systems' Sterling, VA facilityAct as primary point of contact with multiple CSAs on information and IT system security mattersProtect information systems and data from threats and vulnerabilitiesCreate and maintain system security documentationImplement, maintain, and monitor security controlsAchieve and maintain Authorization to Operate classified information systemsAssess technical and non-technical threats and mitigate vulnerabilitiesProvide security related guidance to colleaguesMaintain eligibility for personnel security clearancePerform other duties as assignedFor an extensive list of responsibilities and tasks that may be associated with the ISSM role, refer to the DCSA Assessment and Authorization Process Manual (DAAPM) or visit the DHS Cybersecurity & Infrastructure Security Agency (CISA) Cyber Jobs GlossaryRequired Education, Experience, & SkillsRequired Education & Experience:8+ years relevant technical or security experience with a Bachelor's or Master's degree in a related field15+ years relevant technical or security experience and relevant certifications, but some or no collegeRequired Certification:The candidate must hold an IAM Level 2, DoD 8570.01-M compliant certification (i.e. CAP, CASP+ CE, CISSP, GSLC, CCISO, or HCISSP).Required Security Clearance:Active Top Secret Clearance w/poly and Single Scope Background Investigation (SSBI) completed within the last 6 years.Required Skills & Experience:A qualified candidate for this position must have the ability to:Communicate clearly and concisely verbally and in writingListen and ask clarifying questions as neededSpeak in small and large group settingsDraft clear, concise, and grammatically correct documentationMaintain complete and organized recordsSet and self-manage professional development& education goalsAbility to prioritize competing demands and complete tasks on scheduleA qualified candidate for this position must have experience with or an understanding of:The RMF processNIST 800 series, CNSSI 1253, NISPOM Chapter 8, and related publicationsRequirements gathering, designing, and implementing IT SystemsDrafting System Security Plans (SSP) and other Body of Evidence (BOE) documentation in support of an authorization package, such as boundary diagrams, operating procedures, etc.Documentation process tools such as Xacta and eMassImplementing and monitoring technical, administrative, and operational security controlsPerforming risk assessment and risk mitigation for classified IT systemsThe Assessment and Authorization (A&A) processCollaborating with CSA representatives to maintain open communicationUsing network/system scanning tools and interpreting resultsUsing Security Information and Event Management (SIEM) softwareSecurity incident managementSecurity education, awareness, and trainingPreferred Education, Experience, & SkillsIn addition to the required skills for this position, a successful candidate will demonstrate some combination of knowledge, training, and hands-on experience with/in:The IC communityIC community networksAs an [assistant] FSO, CSSO, or CPSOPenetration testingVulnerability AnalysisCritical Incident ResponseCOMSEC proceduresNetwork design and network device configurationHardware and software vendorsVirtualized environments & virtualization technologiesCloud Security conceptsMcAfee Host Based Security System (HBSS) ePolicy Orchestrator (ePO) and Nessus Assured Compliance Assessment Solution (ACAS) systemsDefense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM)CUI protection guidelinesInsider Threat ProgramsAbout BAE Systems Intelligence & SecurityBAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts - defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team-making a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference.Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do-from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels.Our Commitment to Diversity, Equity, and Inclusion:At BAE Systems, we work hard every day to nurture an inclusive culture where employees are valued and feel like they belong. We are conscious of the need for all employees to see themselves reflected at every level of the company and know that in order to unlock the full potential of our workforce, everyone must feel confident being their best, most sincere self and be equipped to thrive. We provide impactful professional development experiences to our employees and invest in social impact partnerships to uplift communities and drive purposeful change. Here you will find significant opportunities to do meaningful work in an environment intentionally designed to be one where you will learn, grow and belong.

Keywords: BAE Systems, Sterling , Information System Security Manager (ISSM), IT / Software / Systems , Sterling, Virginia