Information Systems Security Manager

Penn State University

Read on to find out what you will need to succeed in this position, including skills, qualifications, and experience.

Penn State is a major, public, research-I university serving Pennsylvania and the global community. Learn more about our undergraduate, graduate, and doctoral degree programs.

JOB DESCRIPTION AND POSITION REQUIREMENTS :

We are seeking an experienced, self-motivated cybersecurity professional to join the Cybersecurity Division’s management team at the Applied Research Laboratory (ARL) at Penn State University.

ARL’s purpose is to research and develop innovative solutions to challenging scientific, engineering, and technology problems in support of the Navy, the Department of Defense (DoD), and the Intel Community (IC).

As Information Systems Security Manager (ISSM) for research and administrative classified networks, you will lead a team of cybersecurity professionals responsible for maintaining compliance, developing and maintaining security documentation, providing recommendations for system, network, and application design, risk assessments, auditing processes, vulnerability assessments, and ensuring effective and efficient integration into operational team processes.

You are also responsible for policy recommendation and policy development proposed to ARL leadership.

This is an excellent opportunity for a leader passionate regarding the cybersecurity field, excited to mentor other cybersecurity professionals, and interested in contributing to high-impact projects in a collaborative, multi-disciplinary culture that values innovation, communication, and problem-solving.

ARL is an authorized DoD SkillBridge partner and welcomes all transitioning military members to apply.

You will :

Develop, validate, submit, and maintain security documentation, including information system security plans, certification, accreditation, and authorization packages, and plans of action and milestones in support of compliance requirements.

Oversee development and implementation of risk assessments against information systems in all phases of their lifecycles.

Monitor and assist in the assessment and review of current and new systems and networks to ensure compliance with current cybersecurity policies, concepts, and measures.

Develop training material related to security compliance and audit requirements to assist employees in individual compliance / audits as applicable.

Assist in technical requirements such as vulnerability scanning, security / event log review, network analysis, security configuration review, and incident response as needed.

Minimum requirements include a Bachelor’s degree with 8+ years of relevant experience, including 3+ years of supervisory experience or an equivalent combination of education and experience.

Required skills / experience areas include :

Current eligibility for access to classified information at the Secret level and will be subject to a government background investigation to upgrade clearance eligibility.

Experience with Assessment and Authorization systems and networks using Risk Management Framework (RMF).

NIST / ISO standards (eg. 800-53), Department of Defense directives, DISA STIG, and regulatory requirements.

Strong technical background and significant experience with multiple operating systems, including Windows and Linux.

Development of policies, procedures, plan of action and milestones, risk assessments, and security plans with experience of continuous monitoring for compliance.

Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.

Management or leadership experience in the IT and security space.

Ability to obtain and maintain information security related certifications (eg. Security+ and CISSP); must obtain within six months of assuming role.

Demonstrated ability to work through complex problems, using proper steps to analyze, define, and formulate ideas to reach a solution.

Success in an environment where various forms of communication and organizational skills were crucial to be effective.

Previous success with collaborations in a diverse, multi-disciplinary, team-oriented culture.

Preferred skills / experience areas include :

Vulnerability scanning and mitigation utilizing Nessus, Retina, GFI Languard, or similar tool.

Experience with networking fundamentals including various concepts, tools, and administrative functions.

SEIM management or use for analysis, such as Splunk, ELK, or Alienvault.

VMWare and management of Virtual Machines.

Training material development.

Your working location will be hybrid on-site / work from home, located in State College, PA. Questions related to flexible work should be directed to the hiring manager during the interview process.

Occasional travel to satellite offices may be required.

You will be subject to a government security investigation, and you must be a U.S. citizen to apply. Employment with the ARL will require successful completion of a pre-employment drug screen.

ARL is committed to diversity, equity, and inclusion; we believe this is central to our success as a Department of Defense designated University Affiliated Research Center (UARC).

We are at our best when we draw on the talents of all parts of society, and our greatest accomplishments are achieved when diverse perspectives are part of our workforce.

The proposed salary range may be impacted by geographic differential.

The salary range for this position, including all possible grades is : $97,100.00 - $145,700.00.

Employment with the University will require successful completion of background check(s) in accordance with University policies.

EEO IS THE LAW

Penn State is an equal opportunity, affirmative action employer, and is committed to providing employment opportunities to all qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

J-18808-Ljbffr