Information Systems Security Manager - CSfC

Information Systems Security Manager (ISSM)

Transform technology into opportunity as an Information Security Analyst Advisor with GDIT. A career in enterprise IT means connecting and enhancing the systems that matter most. At GDIT you’ll be at the forefront of innovation and play a meaningful part in improving how agencies operate.

At GDIT, people are our differentiator. As an Information Security Analyst Advisor, you will help ensure today is safe and tomorrow is smarter. Our work depends on the Information Security Analyst Advisor joining our team to perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. Monitor, evaluate, and maintain systems and procedures to safeguard internal information systems, networks, databases, and Web-based security.

HOW AN INFORMATION SECURITY ANALYST ADVISOR WILL MAKE AN IMPACT

• Manage the secure development and authorization of new USAFE-AFAFRICA systems, from inception to full operational capability, leveraging NIST security frameworks.
• Serve as the primary cybersecurity point of contact for USAFE-AFAFRICA systems, ensuring compliance with security policies, procedures, and regulations, and providing timely dissemination of threats, risk, and authorization status to stakeholders.
• Perform all necessary procedures to ensure the safety of information systems assets, including overseeing the accreditation and certification of USAFE-AFAFRICA systems in accordance with DoD, Intelligence Community, and agency-specific requirements.
• Prepare and submit System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and risk assessment documents, and collaborate with Authorizing Officials (AOs) to achieve and maintain Authorization to Operate (ATO) status.
• Conduct regular reviews of DISA STIGs, ACAS vulnerability scans, and provide remediation feedback to ensure compliance and implement RMF continuous monitoring efforts.
• Develop and recommend policies and procedures to ensure information systems reliability, accessibility, and security, and conduct systems security evaluations, audits, and reviews to identify vulnerabilities and risks.
• Develop RMF Control Family plans and procedures and ensure overall adherence to these plans and procedures.
• Recommend and implement programs to educate systems, network, and data users on systems security policies and procedures, and participate in network and systems design to ensure implementation of appropriate security policies.
• Ensure the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services. Perform ISSM duties as outlined in AFMAN 17-01 and DoDI 8510.01 for assigned systems/applications.
• Maintain familiarity with relevant DOD/NIST RMF publications, including NIST 800-53, 800-60, 800-37, DODI 8540.01

WHAT YOU’LL NEED TO SUCCEED:

Education:

A Bachelor’s degree in computer science/systems, information systems/ technology, engineering/engineering technology, software engineering/programming, management, natural sciences, social sciences, mathematics, or business/finance is required.

Education and experience requirements may be substituted with:

• A master’s degree (in subjects described above) and eight years’ general experience of which at least seven years must be specialized experience.
• A Ph.D. (in subjects described above) and six years’ general experience of which at least five years must be specialized experience.

No degree and thirteen years general experience of which at least eleven years is specialized.

Required Experience:

This position requires a minimum of 8 years’ experience, of which at least 4 years must be specialized experience in defining computer security requirements for high-level applications, evaluation of approved security product capabilities and resolution of computer security problems.

• Extensive knowledge and proficiency with the Risk Management Framework (RMF) and eMASS
• Extensive knowledge and proficiency with the Assured Compliance Assessment Solution (ACAS) Vulnerability Scanner
• Extensive knowledge and proficiency with the Security Technical Implementation Guide (STIG) implementation and automation tools such as SCAP, STIG Viewer, eMASSter which are often leveraged for automation.
• A strong technical background, ideal candidates must have familiarity in virtualization technologies, basic networking and industry best practices.
• Expert knowledge and proficiency with Cybersecurity best practices.
• Expert knowledge and understanding of Federal and DoD Cybersecurity regulations and policies.

Security Clearance Level: Top Secret

Location: On Customer Site

US Citizenship Required

DoDD 8570.01M Information Assurance Manager level III baseline certification required.

TESA eligibility/certification required.

GDIT IS YOUR PLACE:

• 401K with company match
• Comprehensive health and wellness packages
• Internal mobility team dedicated to helping you own your career
• Professional growth opportunities including paid education and certifications
• Cutting-edge technology you can learn from
• Rest and recharge with paid vacation and holidays