Information Systems Security Manager

Credence Management Solutions, LLC

Arlington (VA)

On-site

USD 90,000 - 150,000

Full time

30+ days ago

Job summary

An established industry player is seeking an Information Systems Security Manager (ISSM) to lead cyber hygiene initiatives within a critical operational environment. This role involves ensuring compliance with stringent governmental security standards and managing security assessments and documentation. The ideal candidate will have extensive experience in security frameworks and a strong background in managing security projects. You will collaborate with various stakeholders to implement security controls and guide teams in maintaining a robust security posture. This is a unique opportunity to contribute to vital operations while advancing your career in information security.

Qualifications

  • Must be a US citizen with ability to obtain Secret or Top Secret/SCI clearance.
  • CISSP certification is required; PMP certification preferred.

Responsibilities

  • Oversee cyber hygiene for refugee operational activities.
  • Ensure IT systems comply with governmental security requirements.
  • Develop and implement System Security Plans and documentation.

Skills

Analytical Skills
Communication Skills
Problem-Solving Skills
Project Management
Risk Management

Education

Bachelor's Degree in Computer Science
10+ years of ISSO experience

Tools

NIST
FISMA
SIEM
PKI
Windows
Linux
Solaris

Job description

Overview

The Information Systems Security Manager (ISSM) is responsible for implementing and overseeing cyber hygiene for all refugee operational activities within the Refugee Processing Center (RPC). The ISSM reports directly to the Project Manager and Deputy Project Manager for the RPC project.

Responsibilities include, but are not limited to:
  • Support the PM and DPM in executing the RPC project.
  • Ensure that all IT systems are compliant with NIST, FISMA, and other governmental security requirements.
  • Lead the development and implementation of the System Security Plan (SSP) and all associated documentation required for the RMF Assessment and Authorization process.
  • Collaborate closely with Authorizing Officials' representatives, stakeholders, and subject matter experts to gather the necessary information and ensure compliance with all applicable security policies and guidelines.
  • Manage, develop, and execute the continuous monitoring plan to ensure all FISMA systems remain compliant by actively participating in the IT change management process. Assess and provide mitigation recommendations for potential security risks associated with system changes.
  • Coordinate with system owners and information owners to ensure seamless and secure implementation of changes to the system.
  • Conduct thorough assessments of the security or privacy impact resulting from system changes, providing recommendations and guidance for mitigating any identified risks or vulnerabilities.
  • Collaborate with cross-functional teams to identify, evaluate, and implement necessary security controls.
  • Provide expert guidance and support to project teams regarding security requirements during system development, integration, and maintenance phases.
  • Coordinate with cross-functional teams to ensure that security controls are integrated into system architectures and configurations.
  • Collaborate with Department of State and/or external auditors during security assessments and audits.
  • Manage the Plan of Actions and Milestones (POA&M) process, ensuring that identified security weaknesses are promptly documented, tracked, and remediated.
  • Provide timely and accurate information in response to data calls and queries from internal and external partners.
  • Interpret interdepartmental and government directives related to security requirements and communicate these directives effectively.
  • Facilitate cross-team communication to ensure that security-related issues are addressed in a timely manner.
  • Monitor and assess the impact of interdepartmental and government directives on existing systems.
  • Collaborate with relevant teams to implement action plans for timely remediation of security vulnerabilities.
  • Stay informed about emerging security trends, changes in regulations, and industry best practices.
  • Guide and manage the ISSO team to ensure optimal performance.
  • Oversee user access processes to ensure operational integrity of the system.
  • Prepare and present regular reports detailing the status of the IT security landscape.
  • Perform complex product evaluations and recommend security solutions.
  • Review, recommend, and oversee the installation or modification of hardware or software components affecting security.
  • Research, evaluate, and recommend new security tools and techniques.
  • Serve as an A/ISSO for RPC and liaison between the RPC and Department of State IRM/IA.
  • Collaborate with Change, Problem, and Release Management for security impacts.
  • Review new security solution designs and specifications for readiness.
  • Provide recommendations to the PM, DPM, and government client.
  • Present recommendations to CISO as needed.

Education, Requirements and Qualifications

  • US citizen with the ability to obtain a Secret or Top Secret/SCI security clearance.
  • BS degree in Computer Science, or related fields, or 10+ years of experience as an ISSO in lieu of a Bachelor’s degree.
  • CISSP certification is required.
  • PMP certification is preferred.
  • Minimum of five (5) years of progressive management experience.
  • At least ten (10) years of hands-on experience in developing and implementing the RMF and A&A processes.
  • Ability to prepare management, business, technical, and personnel reports for internal and external use.
  • Broad knowledge and experience with Security and System Architecture.
  • Understanding of industry security policies, regulations, and guidelines such as NIST, FISMA, and the SANS Top 20 controls.
  • Knowledge of change control and management processes, project management, and Security Policy.
  • Knowledge of ports, protocols, and the OSI Model.
  • Knowledge of security capabilities such as e-forensics, logging/SIEM, risk management, PKI, and endpoint security.
  • Experience conducting analysis and providing recommendations on security capabilities.
  • Excellent communication skills to convey complex security concepts to diverse stakeholders.
  • Experience with IP networking, networking protocols, and security-related technologies.
  • Experience with internet, web, application, and network security techniques.
  • Experience with relevant operating system security (Windows, Solaris, Linux, etc.).
  • Strong analytical and problem-solving skills.
  • Ability to perform and interpret vulnerability assessments.
  • Ability to balance and prioritize work in a team environment.
  • Experience with the Federal government, preferably with Department of State or DHS.