Information Systems Security Manager
The Information Systems Security Manager provides support to the Air Force Civil Engineering (AFCE) Program Management Office (PMO). This position develops security documentation, process requirements, and system-level risk assessments of all existing documentation.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge / quality of work, supporting financial goals of the company, initiative / motivation, cooperation / relationships, problem analysis / discretion, accomplishing goals through organization, positive oral / written communication skills, leadership abilities, commitment to Affirmative Action, reliability / dependability, flexibility and ownership / accountability of actions taken.
Develops Certification and Accreditation Program (C&A) documentation for assigned systems.
Utilizes Air Force Certification and Accreditation Program (AFCAP) or Risk Management Framework (RMF) process requirements.
Works in coordination and guidance of the Designated Accreditation Authority (DAA).
Coordinates activities with the lead IAM, Program Manager and lead engineer.
Completes system-level risk assessments of all existing documentation to identify gaps in Information Assurance objectives and security compliance and updates to ensure compliance is maintained as necessary.
Identifies mandated DISA Security Technical Implementation Guides (STIGs) and NSA System Network and Attack Center (SNAC) Configuration Guides.
Conducts security verification and validation testing. Reports all results and makes recommendations.
Supports code scan using automated testing tools (IE. Fortify, SonarQube, and AppScan).
Identifies and documents the gap analysis between the security controls and the STIGs/SNAC for all system-level components.
Provides re-certification and annual review requirements support for Initial Security Certifications. Provides quarterly updates to the Plan of Action and Milestones and assists with annual testing and evaluation of the Contingency Plan.
Provides support for updating and maintaining current system information or for equivalent replacement system.
Responsible for aiding in own self-development by being available and receptive to any training made available by the company.
Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output. Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and coworkers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.
Bachelor’s degree and five (5) years’ of experience or equivalent combination of education / experience. Experience with RMF, scanning remediation Fortify, Checkmarx, AppScan and ESPS.
CERTIFICATES / LICENSES / REGISTRATION
Ability to obtain a security clearance if required
Must hold at least one of the DoD Approved Certifications: CAP, GSLC, or Security+ CE CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CISM or SSCP
JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES
Proficiency in document development with ability to implement a high degree of professional judgment and a clear understanding of the information to be communicated
Excellent creative development skills with ability to quickly comprehend technical information and translate ideas / concepts into a finished document
Excellent research and analytical skills
Excellent computer skills with proficiency using Microsoft Office Suite (i.e., Outlook, Word, Excel, PowerPoint, etc.)
Ability to respond to requests in a professional, helpful and timely manner
Ability to identify problems and to use sound judgment
Outstanding communication, organization, and problem solving skills
Proven ability to manage and prioritize multiple, diverse projects simultaneously
Ability to be flexible, independent and self-motivated
Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.
Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals. Ability to compute rate, ratio, and percent and to draw and interpret bar graphs.
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers printers and light traffic.