Information Systems Security Manager

at BAE Systems USA
Published March 19, 2023
Location Springfield, VA
Category Default  
Job Type Full-time  


Job Description

What's it like to be a part of an innovative company protecting and securing what is important and valuable to us? Amazing! Join BAE Systems Intelligence and Security (I&S) sector and be a part of an innovative team that solves some of the most complex technical challenges.

We are looking for Information Systems Security Managers (ISSMs) to join a team of Cybersecurity professionals responsible for safeguarding the customer enterprise, monitoring the security posture of customer tools and systems, and evaluating baseline and changes to ensure compliance and maintain secure critical information technology (IT) systems.

As an ISSM, you will:

develop and maintain plans, instructions, guidance, and standard operating procedures concerning the security of IT systems operations.

support compliance activities and provide continuous validation of the enterprise security posture

monitor security findings and recommendations and ensure remediation plans are in place for vulnerabilities identified as part of the risk mitigation process

participate in security risk assessments as part of the Security Assessment and Authorization process

coordinate cybersecurity inspections, tests, and reviews for enterprise IT systems.

An ideal candidate will:

advise senior management on policy standards and implementation strategies to ensure compliance with security policies, guidance, and procedures and to protect critical IT Systems

identify IT systems specific security requirements across all phases of the System Life Cycle

practice continuous evaluation, validation, and implementation of improvement actions as needed

review non-compliance to determine patterns and the impact on risk level efficacy of the enterprise's cybersecurity program.

Candidate should have a working knowledge of:

cybersecurity principles and specific operational impacts of cybersecurity lapses

computer networking concepts and protocols, network architecture, and network security methodologies.

system life cycle management principles, including security and usability.

current industry methods for performing security assessments and authorization processes (including achieving Certification to Field (CtF) and Authority to Operate (ATO))

handling protocols for sensitive and classified information, and procedures for information compromise

Risk Management Framework (RMF) requirements

incident response and handling methodologies.

enterprise incident response program, roles, and responsibilities.

More senior ISSMs may also:

act as primary contact for the prime and/or customer regarding status of ongoing risk mitigation activities, findings, and implementation of remediation efforts

supervise or manage corrective actions and mitigation efforts when a cybersecurity incident or vulnerability is discovered

advise senior management or Authorizing Official on risk levels and changes affecting the organization's cybersecurity posture

oversee program compliance with customer information security training and awareness requirements.

serve as point of contact for accurate and timely dissemination of incident and other Computer Network Defense information to external organizations as appropriate.

Required Education, Experience, & Skills


Associate degree in Computer Science, Engineering, or related technical discipline OR equivalent experience and training from the DoD 8140 Training Repository OR 1 of the following certifications:

Intermediate: CAP or CASP or CCISO or CCSP or CISM or CISSP or Cloud or SSCP


Certification Requirement:

Intermediate/Advanced levels require IAT/IAM/IASAE Level 3 (or higher) certification (e.g. CASP CE, CISA, CISSP (or Associate), GCED, GCIH, CISM, GSLC, CISSP-ISSAP, CISSP-ISSEP)

Entry levels require IAT/IAM/IASAE Level 2 (or higher) certifications (e.g. CAP, CASP, CASP CE, CCNA-Security, CISM, CISSP (or Associate), CSSLP, GICSP, GSEC, GSLC, Security CE, SSCP)

5 years of experience as ISSM and related roles such as ISSO, ISSE, SCA, DOAR, etc.

2 years of hands-on experience with cybersecurity governance and methodologies

(At least 3 years of relevant roles and 2 years of hands-on experience for entry level applicants)

Experience must include:

creating policies reflecting system security objectives

determining how a security system should work (resilience and dependability) and how it is affected by changes to itself and the environment in which it operates.

Preferred Education, Experience, & Skills

  • Bachelor's degree in Computer Science, Engineering, or related technical discipline

  • AND IAT Level 3 certification (e.g. CASP CE, CISA, GCED, GCIH)

  • CISSP-ISSMP or GSLC certification

10 years of experience as ISSM and related roles such as ISSO, ISSE, SCA, DOAR, etc.

4 years of hands-on experience with cybersecurity governance and methodologies



EEO Career Site: Equal Opportunity Employer. Minorities, females, veterans, individuals with disabilities, sexual orientation, gender identity, gender expression.
