Toyon is seeking an Information System Security Manager. This person will have daily interactions with the security team, program personnel and government representatives. The ISSM leads the information and technology team in the management of information systems assets and the protection of systems from intentional or inadvertent access or destruction. Multiple cross collaboration opportunities are available including local and out of state self-inspections, enterprise-wide working group participation, and providing support to local centers.
DUTIES & RESPONSIBILITIES:
- Actively manage IT personnel and subcontractors to prioritize tasks and ensure compliance with security requirements
- Manage the security of information systems assets and the protection of systems from intentional or inadvertent access or destruction
- Plan, coordinate and implement the overarching IT security program and policies
- Oversee implementation of information systems security tasks, as required for the safeguarding, handling, and controlling of classified and sensitive information
- Guide the development and updating of the system security plan, as well as managing and controlling changes to the system and assessing the security impact of those changes
- Manage all third party IT/IA vendors and suppliers for contract compliance and accurate billing
- Develop and ensure compliance with the Continuous Monitoring (ConMon) Plans (e.g., audit log review, security patching, software and hardware configuration, and change management)
- Conduct physical and virtual reviews and technical inspections to identify and mitigate/remediate potential security weaknesses and ensure that all security features applied to a system are implemented and functional
- Provide IT security assessment and IT security audit functions to ensure FISMA compliance and improve program-wide cybersecurity, according to NIST standards and industry best practices
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
- Perform preliminary forensic evaluations of internal systems to include updating Security Plans, SOPs, and testing for successful Assessment and Authorization efforts
- Interface with CISA and DOD to understand their security requirements and oversee the development and implementation of procedures to accommodate them
- Execute Risk Management Framework Assessment and Authorization through DOD
- Act as the primary interface with the Security Controls Assessor (SCA) to achieve and maintain necessary ATOs with a security posture in accordance with DHS 4300, NIST SP 800-53A, and other NIST publications as guidance
- Ensure Plan of Action & Milestone (POA&M) and other compliance and vulnerability issues are remediated in a timely fashion
- Ensure comprehensive configuration, contingency, and incident response plans are developed for each IT system
- Requires ability to work in a team environment as well as independently and demonstrate excellent problem-solving abilities, be well organized, flexible, and self-motivated
- 3-8 years of related work experience.
- 3-5 years of experience directly managing IT personnel and IT projects.
- Bachelor’s degree in Computer Science, lnformation Systems, Engineering or a related technical discipline or the equivalent combination of education and work experience.
- DoD 8570 IAM Level I and IAT level II certifications required.
- Demonstrated experience with accrediting information systems utilizing DOD and/or DHS Risk Management Framework (RMF) guidelines.
- Demonstrated experience working on classified processing systems and handling classified material.
- Demonstrated experience with Red Hat Enterprise Linux operating system.
- Demonstrated knowledge of Windows (10) and Windows Server operating systems and how Windows systems leverage Microsoft Active Directory for access control, utilize Public Key Infrastructure (PKI), and Group Policy implementation.
- Experience reviewing NESSUS vulnerability scans and reviewing audit logs.
- Demonstrated experience with Defense Information Systems Agency (DISA) security policies and tools, to include Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRG), SCAP Compliance Checker (SCC), and Information Assurance Vulnerability Alerts (IAVA).
- Demonstrated experience with one or more of the following security tools: Splunk, Nessus or Assured Compliance Assessment Solution (ACAS).
U.S. Citizenship Required. Ability to qualify for a US Department of Defense security clearance required.
WE OFFER AN EXCEPTIONAL EMPLOYEE BENEFITS PACKAGE!
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.