Information Systems Security Manager (ISSM) I

**Req ID:** RQ195060

**Type of Requisition:** Regular

**Clearance Level Must Be Able to Obtain:** Top Secret SCI + Polygraph

**Public Trust/Other Required:** None

**Job Family:** Information Security

**Skills:**

• Cybersecurity
• Information Security
• Information System Security
• Security Evaluations

**Experience:**

5+ years of related experience

**US Citizenship Required:** Yes

INFORMATION SYSTEM SECURITY MANAGER - I

Location: TUCSON, AZ

TS/SCI clearance is required (must be active/in scope).

The ISSM’s primary role is to serve as an advisor on all matters, technical and otherwise, involving the security of information systems under their purview. The position involves supporting Department of Defense agencies, such as HQ Air Force, Office of the Secretary of Defense, and Military Compartments, within Special Access Programs (SAPs). It provides day-to-day support for Collateral, SCI, and SAP activities.

1. Overseeing development, implementation, and evaluation of information system security policies, with emphasis on integrating existing SAP network infrastructures.
2. Developing and managing operational security policies and guidelines based on the Risk Management Framework (RMF), with a focus on joint operations.
3. Implementing the JSIG authorization process for SAPs.
4. Advising on RMF assessment and authorization issues.
5. Performing risk assessments and providing recommendations to DoD agency clients.
6. Advising government program managers on security testing methodologies.
7. Evaluating authorization documentation and providing recommendations for system authorization.
8. Maintaining a formal Information Systems Security Program.
9. Ensuring cybersecurity training for IAO, network administrators, and other personnel.
10. Developing and reviewing system assessment documentation.
11. Managing procedures for hardware/media sanitization and destruction.
12. Developing security assessment plans and verifying protection features.
13. Maintaining authorization documentation repositories.
14. Establishing a Configuration Control Board (CCB) charter.
15. Creating policies for incident response and investigating security violations.
16. Implementing corrective measures for vulnerabilities or incidents.
17. Defining data ownership, access rights, and handling requirements.
18. Developing security education, training, and awareness programs.
19. Assessing threats and vulnerabilities for additional safeguards.
20. Evaluating system changes and their impact on authorization.
21. Ensuring valid authorization for all system boundaries.
22. Reviewing AIS assessment plans.
23. Coordinating with security officials on external system approvals.
24. Conducting periodic security posture assessments.
25. Managing configuration management for security-relevant changes.
26. Performing security testing using intrusion detection and monitoring tools.
27. Developing system recovery and reconstitution plans.
28. Ensuring authorization documentation is current and accessible.
29. Addressing security requirements throughout the system life cycle.
30. Developing Assured File Transfers (AFT) per JSIG guidelines.
31. Participating in self-inspections.
32. Performing ISSO duties if necessary.

• 5+ years related experience, including roles like ISSO or ISSM.
• Desired SAP experience.
• Bachelor’s degree or equivalent (4 years).

• IAT Level II (or willing to obtain within 6 months).
• TS/SCI clearance, with willingness to obtain CI polygraph.

• Knowledge of DoD, national, and agency security policies.
• Ability to lift up to 50 lbs.

The salary range is approximately $93,500 - $126,500, dependent on experience and location. Benefits include comprehensive health plans, 401(k), flexible work arrangements, and more.