Senior Information System Security Manager (ISSM)/Alternate Security Control Assessor (SCA)

Title:

Belong. Connect. Grow. with KBR!

KBR’s National Security Solutions team (NSS) provides high-end engineering and advanced technology solutions to our customers in the intelligence and national security communities. In this position, your work will have a profound impact on the country’s most critical role – protecting our national security.

KBR is seeking a Senior Information System Security Manager (ISSM) / Alternate Security Control Assessor (SCA) to join our team Alexandria, VA (TRMC - Mark Center.)

This position is Hybrid Remote, the ISSM must reside in the area of the position and be able to go into the DoD installation space for meetings and work on an ad-hoc and sometimes immediate basis.

Why Join Us?

• Innovative Projects:KBR’s work is at the forefront of engineering, logistics, operations, science, program management, mission IT and cybersecurity solutions.
• Collaborative Environment:Be part of a dynamic team that thrives on collaboration and innovation, fostering a supportive and intellectually stimulating workplace.
• Impactful Work:Your contributions will be pivotal in designing and optimizing defense systems that ensure national security and shape the future of space defense.

The selected applicant will provide cybersecurity and Risk Management Framework (RMF) support to systems and applications for the Test Resource Management Center (TRMC). This position will be the senior ISSM position for the Command. You will work with military, government, and contractor personnel to provide technical and policy direction grounded in Department of Defense (DoD) policy, and act as the Subject Matter Expert (SME) with the cybersecurity domain and lead ISSMs. The applicant will, at times, be the liaison between end users, application developers, and senior leadership within the DoD and across the Test and Evaluation community.

Applicants Duties include:

• Deliver documentation to include: Executive level briefings, Security Assessments and Evaluations, Security Assessment Reports
• Review Cybersecurity RMF Packages for Completeness, Accuracy
• Oversee the implementation and maintenance of TRMC Assess and Authorize procedures and relevant policies ensuring it is properly implemented and maintained across all systems
• Ensure Cyber Strategies are properly conducted and briefed to Government Leadership
• Manage documentation and mentor ISSMs to complete documentation accurately and similarly per TRMC A&A procedures
• Assist SCA and TRMC Cybersecurity Lead in developing a RMF training plan for our team, but also for other teams and organizations in the Research Development Test and Evaluation (RDT&E) Community
• Collaborate with stakeholders, systems owners, authorizing officials and ISSMs to ensure effective risk management is in place.
• Work directly with the TRMC SISO on all TRMC RMF packages and ATO Status updates
• Responsible for auditing all artifacts provided in each RMF package to determine system readiness for ATO packet submissions.
• Provide recommendations to the SISO, PM, and AO regarding remediation and mitigation of identified vulnerabilities on test reports and plan of action and milestones (POA&Ms).
• Monitor system status updates and report to senior leadership.
  • Includes monthly executive reports, vulnerability reports, JFHQ DODIN reporting and briefing.
  • Monthly executive briefing to SISO, PM on security metrics
• Interface with PMs and SISO on issues needing input/concurrence
• Work directly with a distributed team to reduce travel
• Travel 25% of time

Basic Qualifications:

• Must have an active U.S. government TS/SCI security clearance to be considered for this position
• A minimum of 10 years of Information Technology Information Assurance, or Cyber Security engineering experience.
• a minimum of 5 years of experience in conducting security assessments by reviewing security controls with the ISSO/ISSM and guide programs through RMF process.
• Bachelor’s Degree in Engineering, Computer Science, or 8 years IT field experience in lieu of degree; Master’s Degree preferred
• Must be DoD 8140 compliant
• Preferred certifications: CISSP, ISSMP, GSLC, CAP, CASP+, CCISO CCSP, CISM, CISSP, Cloud+ or SSCP
• Proven expertise with assessing security controls in accordance with NIST Special Publications (i.e.: NIST 800 Series)
• Proven in-depth knowledge of Cybersecurity principles technologies, and processes.
• Experience with NIST 800-53, Security Development
• Familiarity with performing assessments for Unclassified and Classified environments
• Ability to adapt to process changes
• Ability to interface with senior leadership
• Ability to support high visibility or high priority projects
• Possession of excellent oral and written communication skills

Belong, Connect and Grow at KBR

At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a People First company. That commitment is central to our team of team’s philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together.

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.