CISSP Jobs - Manager, Corporate ISSM, 14220

at RAND Corporation
Location Santa Monica, CA
Date Posted August 21, 2019
Category Default
Job Type Full-time


The Project Manager and Corporate Information Systems Security Manager (ISSM) is responsible for delivering classified systems projects on time and within budget and scope, while also providing oversight of all of RAND Corporation’s Authorization and Accreditation (A&A) requirements. These include maintaining policies and procedures and maintaining Command Cyber Readiness Inspection (CCRI) and Defense Counterintelligence and Security Agency (DCSA) Security Vulnerability Assessment (SVA) readiness by collaborating with the ISSMs at RAND facilities. Additionally, the position ensures that all classified information systems remain accredited and executes required functions as defined by the DCSA A&A Process Manual (DAAPM), National Industrial Security Program Operating Manual (NISPOM), Intelligence Community Directives (ICD)/Joint Air Force, Army, and Navy (JAFAN) standards, and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) in support of the Director, Corporate Security & Safety, Security Managers, Facility Security Officers (FSO) and services for individuals within the accredited systems.

Duties May Include:

  • Coordinates internal resources and third parties/vendors for the execution of classified systems projects
    • Ensures that all projects are delivered on time, within scope and within budget
    • Develops project scopes and objectives, involving all relevant stakeholders and ensuring technical feasibility
    • Develops a detailed project plan to track progress using appropriate verification techniques to manage changes in project scope, schedule and costs
    • Performs risk management to minimize project risks
  • Leads the implementation and monitoring of the NISPOM & DCSA A&A Process Manual (DAAPM), ICDs, RAND’s Security Manual and procedures, and DoD and other applicable government sponsor regulations for classified systems
    • Develops corporate policies to support and enforce DCSA, DISA, ICD/JAFAN, and NISPOM standards
    • Enforces compliance with current Security Technical Implementation Guides (STIGs) for all applicable systems
  • Establishes, communicates, and improves the classified Information Systems (IS) Security Program
    • Leads and is responsible for the preparation for and sustainment of internal self-inspections and DCSA, DISA, DIA and other government inspections
    • Assesses changes by performing periodic self-inspections, tests and reviews of the classified IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed (leads the effort and ensures that corrective action is taken for all identified findings and vulnerabilities for each site)
    • Manages the development of standard computer configurations to meet RAND business needs for classified systems
  • Participates in the planning, installation, implementation, upgrade, problem determination and resolution involving software programs, operating systems, computers, printers, scanners, etc. for classified systems
  • Establishes and ensures protocols are followed for the investigation(s) and resolution of security incidents
  • Directs other ISSMs, ISSOs and system administrators to ensure audit functions are performed properly and ensures administrative inquiries/investigations into anomalies found during audit trail analysis are initiated/completed
  • Manages and reviews performance of ISSMs
  • Develops and implements the Master System Security Plans (MSSP), Information System Profile, Network System Security Plan (SSP) and addendums for the facility, and reviews other RAND facilities’ plans for consistency
  • Chairs the RAND classified computer support/configuration control review board
  • Interfaces with and supports clients in the operation and security of the classified systems



Basic Qualifications:

  • Must have and maintain a DoD 8570 (Information Assurance Workforce) IAM level 2 certification (e.g. GSLC, CISM, or CISSP)
  • Must have successfully completed the Risk Management Framework (RMF) training course from DCSA
  • Experience in software development and web technologies; able to configure laptops/desktops, install applications, set up network infrastructure and troubleshoot as required
  • Excellent oral and written communication skills
  • Working knowledge of the DAAPM, NISPOM, ISFO Process Manual, ICDs, JAFAN and associated industrial security regulations, policies, STIGs and laws
  • Extensive knowledge of federal government network security processes and procedures
  • Strong understanding of operating systems (PC, Mac, Linux) and audit log aggregator software
  • Familiar with encryption technologies, forensics, penetration and vulnerability analysis of various security technologies and information technology security research
  • Must be able to pass a background check


Education Requirements

BS/BA in Computer Science, Engineering, or related field required.



A minimum of 9 years of relevant experience required.


Security Clearance

Must hold and maintain a Top Secret government security clearance with SCI eligibility



Santa Monica, Pittsburgh, or Washington, DC


Positions Open





RAND is an Equal Opportunity Employer–minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity
