Job Description
ASRC Federal Communications is seeking an Information Security Team Lead, IA Team with excellent customer service skills to support our Unified Cyber Situational Awareness (UCSA) contract with the Defense Information Systems Agency (DISA).
This position is responsible for all activities relating to information assurance procedures and systems. Manages a team of seven Information Assurance Analysts supporting ten ATOs.
Develops information systems assurance programs and control guidelines. Confers with and advises other section leaders regarding administrative policies, internal controls, and security procedures, resolving technical problems, priorities, and methods.
Prepares activity and progress reports relating to the information systems audit function.
Duties and Responsibilities:
- Development and maintenance of the UCSA Information Security Plan.
- Categorization and assignment of security controls in Enterprise Mission Assurance Support Service (eMass).
- Creation and maintenance of the A&A package in eMass.
- Coordination on inherited security controls within eMass.
- Management and update of DoD Information Technology Portfolio Repository entries.
- Ports, Protocols, & Services Management.
- Processes required to achieve and maintain all Authority to Operate (ATO) & Interim Authority to Test (IATT) approvals.
- Reporting on Federal Information Security Management Act (FISMA).
- Connection Approval Process and Command Communications Service Designator assignment and management.
- Creation and management of all Plan of Action and Milestones.
- Management and oversight for Security Technical Implementation Guide (STIG) / Information Assurance Vulnerability Alert (IAVA) compliance.
- Compliance and management of Security Incident Response Cyber Security Service Provider (CSSP).
- Scanning and compliance activities associated with Assured Compliance Assessment Solution (ACAS).
- Review and compliance activities associated with Continuous Monitoring and Risk Scoring / RMF.
- Creation and Management of System Identification Profile, DIACAP Implementation Plan (DIP) scorecard within eMass, and creation and management of all artifacts tied to security controls within eMass.
- Provides team supervision and management. Prioritizes and tracks team tasks.
Requirements
Required Skills and Qualifications
- Experience leading high performing teams in a dynamic environment.
- Knowledge of and experience with DISA and DISA RME preferred.
- Local to the Pensacola, FL area with the ability to be onsite as needed, at least two days per week, which could increase depending on mission requirements.
- Significant experience with DoD RMF, DIACAP or NIST Risk Management Framework (RMF).
- Experience with information assurance including accreditation and security testing as well as evaluation, implementation, and execution of security engineering practices in the Systems and Software Development Life Cycle (SDLC) process.
- Knowledge of technical DoD, IC, and national level system security initiatives supporting Local Area Network (LAN), Wide Area Network (WAN), Cross Domain Solutions (CDS), and Cloud technologies, providing subject matter expertise in overcoming technical obstacles and questions.
- Knowledge of Computer Network Defense (CND) policies, procedures, and regulations
- Knowledge of defense-in-depth principles and network security architecture
- Knowledge of boundary protection and enclaving
- Knowledge of authentication and access management technologies
- Ability to provide strategic guidance regarding Cybersecurity reviews, including generation of security artifacts, such as security plans, POA&M, and security CONOPS.
Desired Skills and Qualifications
- Knowledge of several of the following areas is required: understanding of business security practices and procedures; current security tools available; hardware / software security implementation; different communication protocols; encryption techniques / tools; familiarity with commercial products, and current lab infrastructure technology.
- Excellent writing skills
- Experience with Splunk, Tenable Nessus
- ITIL Certification and experience
Education:
- Bachelor's Degree in related field
- Active DoD 8570 IA baseline security certification for IAT Level II (Security+ CE, CISSP)
Experience:
- 10 years of experience, including:
- 6+ years Risk Management Framework (RMF), Required
- 4+ years as an Information System Security Officer (ISSO) or Manager (ISSM)
- Previous leadership role in RMF or FedRAMP accreditation process
Clearance Requirements:
- The selected candidate must have an active Secret clearance.
- US Citizenship is Required.