Information Systems Security Manager - Advanced
Excentium, Inc.

St. Louis, Missouri

Posted in IT


This job has expired.

Job Info


Information Systems Security Manager - Advanced

Excentium, Inc. is a Service-Disabled Veteran owned small business that provides Cyber Security Engineering, Information Assurance (IA), management, Certification and Accreditation (C&A), and other IT services to government and commercial organizations.

We have an opportunity for an Information Systems Security Manager- Advanced supporting our corporate needs in the St. Louis, MO area.

MINIMUM CLEARANCE LEVEL: TS/SCI (CI poly required)
CITIZENSHIP: US Citizenship
LOCATION: St. Louis, MO

Position Description:

The Information Systems Security Manager (ISSM) will support information system life cycle activities from scoping systems for new programs and preparing Risk Management Framework packages, to reviewing regular maintenance, support, and upgrades of systems during program execution, to program close-out and de-certification activities. Maintain day-to-day security posture and continuous monitoring of Information Systems (IS) including security event log review and analysis, end user account audits.

Responsibilities

  • Develop and coordinate all authorization documentation associated including the Systems Categorization, Systems Security Plan, and Systems risk assessment.
  • Support the control assessment, reporting and monitoring processes using the Cyber Security and Assessment Management (CSAM) system.
  • Assist the component with staying on track with Core Controls and A-123 control assessment schedules.
  • Work with components to ensure each Risk Based Decisions (RBD's) has a current Waivers.
  • Coordinate with CSS Customer Liaison support, including status of the process and POA&Ms.
  • Support and document security controls tests, assist in remediation and ensure that POA&Ms are being appropriately managed.
  • Develop or update the Business Continuity and Contingency Plan for the component.
  • Assist the components with decisions that affect security of their systems and networks.
  • Facilitate preparations for the tri-annual Security Assessment and Authorization (SA&A) component's Information System.
  • Conduct assessments of information systems security requirements, evaluate current security posture and recommend priorities for remediation.
  • Review information system infrastructure and application architecture to assess security requirements.
  • Review existing SA&A documentation, Security Assessment Report, and security infrastructure (i.e., IDS, firewalls, vulnerability scan tools, etc.).
  • Assess NIST 800-53, Rev 4. Controls and document results
  • Evaluate and strengthen standard SA&A Documentation.
  • Perform and document risk assessments, analyzing security vulnerabilities, and the metrics to measure the risks associated with those vulnerabilities.
  • Based on the risk profile of the analyzed systems, development and documentation of a Plan of Action and Milestones (POA&M) for mitigating those risks.
  • Design and development of comprehensive Systems Security Plan, covering at a high level the infrastructure, policies and procedures which define the systems security profile for the analyzed systems.
  • Development of Systems Security Users Guides specific to selected networks, desktop computers, servers, and data base systems; Design, development, and validation of System Test and Evaluation (ST&E) reviews for new and/or legacy systems.
  • Review and conduct NIST-based Self Assessments, identifying any weaknesses which need to be addressed, and developing a POA&M for each of those weaknesses based on industry best practices.
  • Design and development of Initial Privacy Assessment (IPA) and Privacy Impact Assessments (PIAs) for each major Federal Government IT Systems Developing and conducting System Test and Evaluations (ST&Es) and Independent Verification and Validation (IV&Vs) of the security profiles of Federal Government IT Systems.


Required Qualifications:
  • Qualified candidates must have one of the following IAT, IAM, or IASAE Level 3 certifications:
    • CASP+ CE
    • CCNP Security
    • CISA
    • CISSP (or Associate)
    • GCED
    • GCIH
    • CCSP
    • CISM
    • CISSP (or Associate)
    • GSLC
    • CCISO
    • CISSP-ISSAP
    • CISSP-ISSEP
    • CCSP
  • Bachelor's Degree in Computer Science or related technical discipline, or the equivalent combination of education, technical certifications or training, and work experience.
  • 5+ years' experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful certification and accreditation or security authorization of such systems.
  • 5+ years' experience assessing and enhancing IT systems security policies and procedures in response to the regulatory requirements associated with Federal and International standards.
  • 5+ years IT Security experience with extensive knowledge in security regulations and security assessments having developed numerous security C&A (or SA&A) and ATO on a range of systems including classified systems.
  • Strong working knowledge with NIST Special Publications and the NIST SP 800-37 SA.


Excentium, Inc. is an equal opportunity employer.

Excentium offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off.

We take pride in building a workforce with a strong Veterans focus.


This job has expired.

More IT jobs


Belle Tire
Aurora, Illinois
Posted 15 minutes ago

RTI International
Santa Barbara, California
Posted 15 minutes ago

Heilind
Johnson City, New York
Posted 13 minutes ago

Get Hired Faster

Subscribe to job alerts and upload your resume!

*By registering with our site, you agree to our
Terms and Privacy Policy.