Information Systems Security Manager - Intermediate - OV-MGT-001-2 (NCR)

Information Systems Security Manager - Intermediate

You could be just the right applicant for this job Read all associated information and make sure to apply.

LOCATION : National Capital Region - Washington, DC or Northern Virginia

EXPERIENCE LEVEL : Intermediate

CLEARANCE : TOP SECRET / SCI

WORK ROLE DESCRIPTION :

Responsible for the cybersecurity of a program, organization, system, or enclave.

TASKS :

• T0001 : Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
• T0002 : Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program.
• T0003 : Advise senior management (e.g., Chief Information Officer CIO ) on risk levels and security posture.
• T0004 : Advise senior management (e.g., CIO) on cost / benefit analysis of information security programs, policies, processes, systems, and elements.
• T0005 : Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
• T0024 : Collect and maintain data needed to meet system cybersecurity reporting.
• T0025 : Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
• T0044 : Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
• T0089 : Ensure that security improvement actions are evaluated, validated, and implemented as required.
• T0091 : Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
• T0092 : Ensure that cybersecurity requirements are integrated into the continuity planning for that system and / or organization(s).
• T0093 : Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.
• T0095 : Establish overall enterprise information security architecture (EISA) with the organization's overall security strategy.
• T0097 : Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
• T0099 : Evaluate cost / benefit, economic, and risk analysis in decision-making process.
• T0106 : Identify alternative information security strategies to address organizational security objective.
• T0115 : Identify information technology (IT) security program implications of new technologies or technology upgrades.
• T0130 : Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.
• T0132 : Interpret and / or approve security requirements relative to the capabilities of new information technologies.
• T0133 : Interpret patterns of noncompliance to determine their impact on levels of risk and / or overall effectiveness of the enterprise's cybersecurity program.
• T0134 : Lead and align information technology (IT) security priorities with the security strategy.
• T0135 : Lead and oversee information security budget, staffing, and contracting.
• T0147 : Manage the monitoring of information security data sources to maintain organizational situational awareness.
• T0148 : Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency.
• T0149 : Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.
• T0151 : Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection.
• T0157 : Oversee the information security training and awareness program.
• T0158 : Participate in an information security risk assessment during the Security Assessment and Authorization process.
• T0159 : Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
• T0192 : Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
• T0199 : Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
• T0206 : Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.

ABILITIES :

• A0128 : Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
• A0161 : Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements;

ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).

A0170 : Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.

EDUCATION :

Associate degree or higher from an accredited college or university. Prefer an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree;

or a degree in a Mathematics or Engineering field.

CERTIFICATION(S) :

CISSP-ISSMP or GSLC - IAT, IAM, or IASAE Level 3

J-18808-Ljbffr