Abacus Technology
Information Systems Security Manager (ISSM)
Abacus Technology, Hanscom Air Force Base, Massachusetts
Information Systems Security Manager (ISSM) Job Locations US-MA-Hanscom AFB Job ID 2024-7835 Overview Abacus Technology is seeking an Information System Security Manager (ISSM) to ensure system and application deliverables meet all required cyber security policies and regulations for the Technical Advisory and Assistance Services (TAAS) program at Hanscom AFB. This is a full-time position. Responsibilities Support system/application Assessment and Authorization (A&A) efforts, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing National, DoD, and Department of the Air Force policies (i.e., RMF). Recommend policies and procedures to ensure the reliability of and accessibility to information systems and to prevent and defend against unauthorized access to systems, networks, and data. Conduct risk and vulnerability assessments and inspections of planned and installed information systems to identify vulnerabilities, risks, and protection needs. Evaluate threats and vulnerabilities to information systems to ascertain the need for additional safeguards. Evaluate system sources of changes such as Deficiency Reports (DRs), Problem Reports (PRs), Change Requests/Proposals (CRs/CPs), and AF Form 1067s; provide inputs to the root cause analysis reporting and the formulation of recommended solution from alternatives; determine the security impacts of proposed or actual changes to the system, environment, threats, and vulnerabilities; and if any, document in written reports the changes/revisions to the system's RMF artifacts. Review and provide inputs to modification packages, program/system documents and support agreements updates, and communications and network infrastructure upgrades to ensure proper cybersecurity configuration modification management; implementation of technical, managerial, operational requirements; and support requirements (e.g. planning, testing, test infrastructure, documentation, training, etc.) are identified. Review system test plans and test results and if necessary, observe system testing for security control implementation in accordance with cybersecurity policies, guidance, and plan. Perform security impact analysis on any system change and appropriately prepare letters of assurance, security impact letters, and risk assessment letters to include exceptions, deviations, or waivers to cybersecurity requirements when applicable. Continuously monitor intelligence and open-source information for vulnerabilities affecting systems, assess risk, and provide POA&M recommendations. Promote awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals. Conduct systems security monitoring, evaluations, audits, and reviews. Recommend systems security contingency plans and disaster recovery procedures. Recommend and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures. Participate in network and systems (to include cryptographic) design to ensure implementation of appropriate systems security policies. Facilitate the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes. Assess security events to determine impact and implementing corrective actions. Ensure the rigorous application of cybersecurity and cryptographic policies, principles, and practices throughout the system development lifecycle. Author, monitor, and record system information in applicable databases. Prepare and record system, security status, and portfolio management information into the Air Force Information Technology Investment Portfolio Suite (referred to as ITIPS) for FISMA; Security, Interoperability, Supportability, Sustainability, Usability (SISSU); Clinger Cohen Act; and other statutory compliance. Author, review, certify, and/or maintain security management plans and RMF package artifacts including but not limited to: RMF Implementation Plans, System Security Management Plans, Information Support Plans, Program Protection Plans (PPPs), Security Risk Analyses, Security Vulnerability and Countermeasure Analyses, Vulnerability Management Plans, Common Control Packages, Security Concepts of Operations, OPSEC Plans, Authority-to-Connect guest system packages, and other system/network security related documents. Support and assist external teams in the evaluation of systems Cybersecurity posture to include teams performing non-regular cyber tests, war-games, cyber penetration tests, and cyber studies conducted by the NSA, DISA, Air Force Audit Agency, or other organizations. Support the development, coordination, and implementation of cybersecurity-related special projects and taskers, e.g., Defensive Cyber Operations (DCO), Higher Headquarter requests, Notice to Airmen (NOTAMs), Technical Change Orders (TCOs), System Program Office (SPO), 16th AF, USSTRATCOM, USCYBERCOM, SAF/A6, SpOC/S6, AFGSC/A6, 460 Space Wing, and AFNWC/NC efforts. Qualifications 10 years experience in cyber security or information assurance. Bachelor's degree in a related field. Must hold one of the following certifications: CISSP, CISM, GSLC, or CCISO. Experience with the certification and accreditation process. Significant experience in vulnerability scanning and analysis, including the use of automated tools and vulnerability management systems. Knowledge of intrusion prevention and network access control tools/systems. Understanding of system audit principles and security risk assessment. Strong understanding of security policy advocated by the U.S. Government including the Department of Defense and appropriate civil agencies, e.g., NIST. Able to perform work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. Knowledge of cryptography and cryptographic key management concepts. General experience includes development of both common user and special purpose command and control/information systems with increasing responsibilities in the scope and magnitude of the systems for which solutions have been implemented. Must have a solid understanding of network infrastructure and mission assurance. Familiar with Federal government and DOD standards for IA/security including DIACAP, FISMA, NIST, and OMB. Must have solid communications skills and be capable of working with all levels of an organization. Must be a US Citizen and hold a current Top Secret clearance. Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information. EOE/M/F/Vet/Disabled