Information Systems Security Manager
Published: March 19, 2023
What's it like to be a part of an innovative company protecting and securing what is important and valuable to us? Amazing! Join the BAE Systems Intelligence and Security (I&S) sector and be a part of an innovative team that solves some of the most complex technical challenges.
We are looking for Information Systems Security Managers (ISSMs) to join a team of cybersecurity professionals responsible for safeguarding the customer enterprise, monitoring the security posture of customer tools and systems, and evaluating baseline and changes to ensure compliance and maintain secure critical information technology (IT) systems.
As an ISSM, you will:
develop and maintain plans, instructions, guidance, and standard operating procedures concerning the security of IT systems operations.
support compliance activities and provide continuous validation of the enterprise security posture
monitor security findings and recommendations and ensure remediation plans are in place for vulnerabilities identified as part of the risk mitigation process
participate in security risk assessments as part of the Security Assessment and Authorization process
coordinate cybersecurity inspections, tests, and reviews for enterprise IT systems.
An ideal candidate will:
advise senior management on policy standards and implementation strategies to ensure compliance with security policies, guidance, and procedures and to protect critical IT Systems
identify IT systems specific security requirements across all phases of the System Life Cycle
practice continuous evaluation, validation, and implementation of improvement actions as needed
review non-compliance to determine patterns and the impact on risk level efficacy of the enterprise's cybersecurity program.
Candidate should have a working knowledge of:
cybersecurity principles and specific operational impacts of cybersecurity lapses
computer networking concepts and protocols, network architecture, and network security methodologies.
system life cycle management principles, including security and usability.
current industry methods for performing security assessments and authorization processes (including achieving Certification to Field (CtF) and Authority to Operate (ATO))
handling protocols for sensitive and classified information, and procedures for information compromise
Risk Management Framework (RMF) requirements
incident response and handling methodologies.
enterprise incident response program, roles, and responsibilities.
More senior ISSMs may also:
act as primary contact for the prime and/or customer regarding status of ongoing risk mitigation activities, findings, and implementation of remediation efforts
supervise or manage corrective actions and mitigation efforts when a cybersecurity incident or vulnerability is discovered
advise senior management or Authorizing Official on risk levels and changes affecting the organization's cybersecurity posture
oversee program compliance with customer information security training and awareness requirements.
serve as point of contact for accurate and timely dissemination of incident and other Computer Network Defense information to external organizations as appropriate.
Required Education, Experience, & Skills
Associate degree in Computer Science, Engineering, or related technical discipline OR equivalent experience and training from the DoD 8140 Training Repository OR 1 of the following certifications:
Intermediate: CAP or CASP or CCISO or CCSP or CISM or CISSP or Cloud+ or SSCP
Advanced: CISSP-ISSMP or GSLC
Intermediate/Advanced levels require IAT/IAM/IASAE Level 3 (or higher) certification (e.g. CASP CE, CISA, CISSP (or Associate), GCED, GCIH, CISM, GSLC, CISSP-ISSAP, CISSP-ISSEP)
Entry levels require IAT/IAM/IASAE Level 2 (or higher) certifications (e.g. CAP, CASP, CASP CE, CCNA-Security, CISM, CISSP (or Associate), CSSLP, GICSP, GSEC, GSLC, Security+ CE, SSCP)
5 years of experience as ISSM and related roles such as ISSO, ISSE, SCA, DOAR, etc.
2 years of hands-on experience with cybersecurity governance and methodologies
(At least 3 years of relevant roles and 2 years of hands-on experience for entry level applicants)
Experience must include:
creating policies reflecting system security objectives
determining how a security system should work (resilience and dependability) and how it is affected by changes to itself and the environment in which it operates.
Preferred Education, Experience, & Skills
Bachelor's degree in Computer Science, Engineering, or related technical discipline
AND IAT Level 3 certification (e.g. CASP CE, CISA, GCED, GCIH)
CISSP-ISSMP or GSLC certification
10 years of experience as ISSM and related roles such as ISSO, ISSE, SCA, DOAR, etc.
4 years of hands-on experience with cybersecurity governance and methodologies
Equal Opportunity Employer. Minorities, females, veterans, individuals with disabilities, sexual orientation, gender identity, gender expression.