Job Description

The Information System Security Manager (ISSM) is responsible for applying Information System (IS) security principles, practices, and procedures under the Risk Management Framework (RMF) to maintain compliance with applicable security regulations, such as NIST, CNSSI, and NISPOM, governing the development and management of classified information systems. This position will be responsible for managing the program s overarching security effort and representing the program to the sponsor s security organization. This position requires the ISSM to be a strong advocate for integrating security into front-end requirements and overseeing the implementation and sustainment of security controls in all stages of the program lifecycle.

The ISSM will be a program staff member providing direct support to a U.S. Government sponsor.

*Occasional local and domestic travel may be required for work or training purposes less than 10%.

Working directly or through collaboration with peers, the ISSM shall:

• Create and maintain information security related documentation

• Implement, maintain, and monitor security controls

• Advise developers on integrating security requirements

• Achieve and maintain Authorization to Operate classified information systems

• Coordinate with sponsor and corporate security organization

• Oversee Continuous Monitoring program

• Maintain operational security posture for information systems

• Provide security related training and guidance to program management and staff

• Maintain eligibility for personal security clearance

• Perform other duties as assigned

Required Education, Experience, & Skills

Candidates must have:

• Current Top Secret clearance

• IAM Level III certification in accordance with DoD 8570.01M, such as CISSP.

• Understanding of NIST 800 series, CNSSI 1253, NISPOM Chapter 8, and related publications

• Ability to perform risk assessment and risk management for classified information systems

• Familiarity with the RMF process and experience in drafting RMF documentation

• Experience in implementing and monitoring technical, administrative, and operational security controls

• Ability to maintain organized and complete records

• Ability to prioritize competing demands and complete tasks on schedule

• The successful candidate must have previous experience with classified information system security management, network and/or system administration, network and/or system engineering, and the RMF process. A successful candidate will have experience in the assessment and authorization of classified information systems. The candidate must also hold a high-level Security or Information Technology related certification and have demonstrated experience applying certification related skills.

Preferred Education, Experience, & Skills

In addition to the required skills for this position, a qualified candidate for this position will demonstrate a combination of training and hands-on experience in many of the operational and technical skills listed below:

• Collaborating in a team environment

• Good writing

• Familiarity with the Xacta or DCSA eMass systems

• Security Technical Implementation Guides (STIGs)

• Information Assurance Vulnerability Alerts (IAVAs)

• Security Content Automation Protocol (SCAP) Compliance Checker (SCC)

• Cloud Security concepts

• MS Windows Server Group Policy Objects

• MS Windows Server - Active Directory

• MS Windows Server System Administration

• Reviewing MS Windows security event logs

• Use of scanning tools and interpreting results

• Security incident management

• Working with hardware and software vendors

Pay Information

Full-Time Salary Range: $112420 - $191070

Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience.

Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20 hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics.

Information System Security Manager (ISSM)

104330BR

EEO Career Site Equal Opportunity Employer. Minorities . females . veterans . individuals with disabilities . sexual orientation . gender identity . gender expression