Information Systems Security Manager

SOSi

Ramstein-Miesenbach

On-site

EUR 60.000 - 100.000

Full-time

30+ days ago

Summary

An established industry player is seeking a skilled Information Systems Security Manager to enhance their cybersecurity framework. This role involves planning, implementing, and maintaining security measures to safeguard IT networks and systems. You will work closely with various stakeholders, ensuring compliance with security policies and regulations while promoting a culture of security awareness. The ideal candidate will possess a strong background in cybersecurity, risk management, and security architecture. Join a dynamic team dedicated to protecting vital information and making a significant impact in a fast-paced environment.

Qualifications

  • Active secret clearance is required for this role.
  • Experience in Cybersecurity with a focus on security policies and risk management.
  • DOD Approved 8570 certification - IAM Level III is a must.

Responsibilities

  • Plan and implement security measures for IT networks and systems.
  • Evaluate risks and ensure compliance with security policies.
  • Guide development of security architecture and policies.

Skills

Cybersecurity
Risk Management Framework (RMF)
Security Policies
Communication Skills
Decision Making
Critical Thinking
Team Player

Education

High School Diploma
Associate's Degree
Bachelor's Degree

Tools

Enterprise Mission Assurance Support System (EMASS)
HBSS systems
McAfee ePO
Vulnerability Scanning Tools

Job Description

SOSi is currently seeking an experienced Information Systems Security Manager for our team in Ramstein AB, Germany. The candidate will be responsible for planning, implementation, and maintenance of security measures to protect information technology networks and systems. Works with customers, partners, stakeholders, and team members to develop and implement DoD security procedures.


Essential Job Duties
  • Work directly with Security Control Assessor (SCA) / Cyber Risk Assessor (CRA) team to evaluate risk associated with ongoing operational needs.
  • Participate in the planning, design, and implementation of enterprise security architecture.
  • Serve as a Subject Matter Expert with respect to National-level Security Policies to include ICD 503, NIST SP-800 Series, and CNSS Instruction 1253.
  • Communicate and interact with all system stakeholders to include Senior Management and the Authorizing Official.
  • Ensure ISSOs and stakeholders follow all information security policies, standards, and methodologies to obtain and/or maintain security authorizations.
  • Provide support to the Government on all matters (technical and otherwise) involving cyber security.
  • Assist in the development and execution of an enterprise level continuous monitoring program to minimize security risks and ensure compliance with that program on a routine basis.
  • Guide the development and updating of the system security plan, as well as managing and controlling changes to the system and assessing the security impact of those changes.
  • Provide support to plan, coordinate, and implement IT security programs and policies.
  • Provide configuration management guidance for security-relevant information system software, hardware, and firmware.
  • Ensure that protection and detection capabilities are acquired or developed using the information system (IS) security engineering approach and are consistent with organization-level cybersecurity architecture.
  • Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy.
  • Interpret and/or approve security requirements relative to the capabilities of new information technologies.
  • Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.
  • Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure they provide the intended level of protection.
  • Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals.
  • Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
  • Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization’s mission and goals.
  • Define, implement and maintain corporate security policies and procedures.
  • Spearhead vulnerability audits, investigations and mitigation procedures associated with threat analysis.
  • Institute organization-wide training in security awareness, protocols and procedures.

Minimum Requirements
  • A current active secret clearance.
  • High School Diploma with eleven (11) years of Cybersecurity experience, OR an Associate's degree with seven (7) years of experience, OR a Bachelor's degree with five (5) years of experience.
  • DOD Approved 8570 certification - IAM Level III.
  • Must be able to obtain certification as a Technical Expert by the German Government under the Technical Expert Status Accreditation (TESA) process.
  • Thorough knowledge of the Risk Management Framework (RMF), security principles, concepts, policies, and regulations.
  • With limited supervision/assistance, create security artifacts and develop security policies; work is to be accomplished individually or with 1 other security professional.
  • Assist in drafting "Authorization to Operate" (ATO) packages for new and existing systems and updating or establishing artifacts to support security controls.
  • Experience utilizing the Enterprise Mission Assurance Support System (EMASS).
  • Communicate clearly and precisely to solve problems and innovate.

Preferred Qualifications
  • Recent ISSO or ISSM experience.
  • IAT Level III / IAM Level III Certified (e.g., CISSP, CASP Certification).
  • Strong familiarity with Coalition and Multi-National information sharing systems, policies and environments.
  • Knowledge of the principles, methods, and techniques used in network security.
  • Knowledge of scanning, endpoint security, and firewall technologies.
  • Comprehensive knowledge of desktop operating systems and applications.
  • Knowledge of DoDI 8510.01, CNSSI 1253, NIST 800-53 rev4.
  • Experience implementing and maintaining security controls.
  • Understanding of National Institute of Standards and Technology (NIST) 800-53 security controls and control families.
  • Technically competent, solid decision making and critical thinking, strong customer focus, self-motivated, desire to learn, effective and professional interpersonal skills, pride in work, strong team player.
  • Familiarity (administrative and configuration level experience) with HBSS systems, McAfee ePO, server, ACAS and policy Administrator tasks and skills.
  • Configure, conduct, and interpret network vulnerability scans.

Work Environment
  • Working conditions are normal for an office environment.
  • Fast paced, deadline-oriented environment.
  • May require periods of non-traditional working hours including consecutive nights or weekends (if applicable).

All interested individuals will receive consideration and will not be discriminated against for any reason.