Information Systems Security Manager

The National Academies of Sciences, Engineering, and Medicine value diversity in our members, volunteers, and staff and strive for a culture of inclusion in our workplace and activities. Convening a diverse community to exchange ideas and perspectives enhances the quality of our work and increases our relevance as advisers to the nation about the most complex issues facing the nation and the world.

Keck Center

National Academies of Sciences Engineering Medicine

<br /><br />The National Academies of Sciences, Engineering, and Medicine provide independent, objective advice to inform policy with evidence, spark progress and innovation, and confront challenging issues for the benefit of society. We marshal knowledge and expertise across disciplines to study complex and sometimes contentious issues, reach consensus based on the evidence, and identify the best path forward. https://www.nationalacademies.org/

keywords: about the position,position details,develop security procedures & policy,communication,manage,strategy,audit,coordination,compliance,confidentiality,experience,education,knowledge, skills, and abilities,work environment,training,licenses / certification,compensation

Full time

$97,240 - $151,935

Overview: Requisition Number: R0002197<br /> <br />Develops and administers information security procedures for systems in support of government agencies in the performance of classified programs and projects. Performs self-inspections and ensures compliance with applicable government security policies and procedures. Investigates information system security violations and implements corrective actions. Develops and implements information system security education and awareness programs. Serves and liaison to and interacts with government agencies to ensure compliance with policies and regulations.<br /><br />Acts as a technical expert on program security. Performs work requiring advanced technical knowledge, often involving multiple phases and significant collaboration. Applies in-depth technical knowledge to independently and innovatively solve a full range of complex and sometimes unusual problems that impact organizational success. Brings industry-level expertise to function and recommends changes to remain up-to-date or competitive. Establishes processes and procedures to ensure the effective and efficient operation of a complex function. Has authority to take whatever action deemed advisable or necessary, subject only to organizational and departmental policies and processes. May provide work direction for less senior employees.
Responsibilities: <ul> <li>Develops and administers information security procedures for information systems in support of government agencies in the performance of classified programs and projects.</li> <li>Develops and executes an IT program detailed security policies, plans, and procedures that exceeds customer expectations and minimizes security risks.</li> <li>Serves as management official and point-of-contact for all information system issues involving sensitive and classified information.</li> <li>Manages security controls to ensure confidentiality, integrity, and availability of information and information systems; builds security into the development process and defines security specifications to support the acquisition of new systems, reviews all secure systems procurements to ensure that security has been considered and included.</li> <li>Provides strategic guidance and advice on secure meetings and state-of-the-art conference room technologies.</li> <li>Serves as liaison with program staff and other customers and can respond to short-notice tasks and provides security engineering and integration services to staff and other customers.</li> <li>Investigates information system security violations and prepares reports specifying corrective actions for the current situation and preventative actions to be taken in the future.</li> <li>Proactively coordinates the establishment of system security controls to protect sensitive government and institution information using authentication techniques, encryption, firewalls, and access controls.</li> <li>Maintain systems in accordance with the security plan and Authorization to Operate (ATO).</li> <li>Audits, monitors, and performs self-inspections of applications, systems, and security logs for security threats, vulnerabilities, and suspicious activities.</li> <li>Implement measures to protect data from physical destruction or theft.&nbsp; Ensure that back-up procedures are in place for data recovery.&nbsp;</li> <li>Conducts risk assessments of all systems and mitigates vulnerabilities wherever feasible.</li> <li>Develops and implements information system security training, education, and awareness programs for all system users.</li> <li>Interacts with government agencies to obtain rulings, interpretations, and acceptable deviations for compliance with Chapter 8 of NISPOM and other regulations.</li> <li>Ensures compliance with the National Industrial Security Program Operating Manual (NISPOM), DCSA Assessment and Authorization Process Manual (DAAPM), Department of Defense (DoD) regulations, Intelligence Community Directives (ICDs) and Security Technical Implementation Guides (STIGs).</li> <li>Prepares documentation, including Information Security Plans, outlining regulations, and establishing information security policy.</li> <li>Ensures all users have the requisite security clearances, authorization, and Need-to-Know (NTK).</li> <li>Complete required ISSM training within 6 months of hire.</li> <li>Maintains appropriate standard of confidentiality.&nbsp; When handling secure, privileged, sensitive, or confidential information and matters, maintains strict confidence and exercises care to prevent disclosure to others.&nbsp; Accesses confidential information for work-related reasons only, following the policies and procedures of the organization. Ensures that any privileged, sensitive, or confidential information is securely stored, disposed of, and transmitted according to the Institutional guidance.&nbsp;</li> </ul> <p><strong>NONESSENTIAL JOB DUTIES</strong></p> <ul> <li>Related duties and special projects as assigned.</li> </ul> <br />
Requirements: <p><strong>Required Knowledge, Skills, and Abilities:</strong></p> <ul> <li>Thorough understanding of the NISPOM chapter 8 requirements.</li> <li>Experience developing Information Systems security plans, policy, and procedures.</li> <li>Experience configuring laptops/desktops/servers, install applications, setup network infrastructure and troubleshoot as required.</li> <li>Have a strong understanding of computer operating systems (Windows and Linux), software and computer hardware.</li> <li>Experience with Windows account administration, group policy administration, and directory permissions.</li> <li>Experience with Windows Active Directory, Domain Controllers, Certificate Authority, DNS, DHCP, and Windows Update Services.</li> <li>Experience maintaining and auditing Cisco ISE, switches, routers, and firewall.</li> <li>Experience maintaining and auditing Palo Alto Intrusion Detection System.</li> <li>Experience with security event and Incident management utilizing Splunk.</li> <li>Experience with vulnerability management utilizing Tenable Nexus.</li> <li>Experience establishing and maintaining SIPRNet connectivity.</li> <li>Information Systems Security knowledge in system auditing.</li> <li>Lead Defense Counterintelligence and Security Agency (DCSA) Security Vulnerability Assessments (SVA), Command Cyber Readiness Inspections (CCRI) and Other Government Agency (OGA) inspections.</li> <li>Knowledge of the DoD Risk Assessment Methodology (DRAM).</li> <li>Experience with Plan of Actions and Milestones (POA&amp;M) tracking.</li> <li>Experience with a Risk Management Framework (RMF) accreditation processes.</li> <li>Experience working in complex environments with a high degree of organizational effectiveness.</li> <li>Ability to work independently and with a team in a fast-paced environment.</li> <li>Excellent communication skills with a proven ability to effectively interact with all levels of employees, contractors, and customers.</li> </ul> <p><strong>Minimum Education/Training Requirements:</strong> Bachelor&rsquo;s degree in applicable field of Information Technology study including Computer Science or a related field, or equivalent knowledge.</p> <p><strong>Minimum Experience: </strong>Five years of related experience in an information systems security environment.</p> <p><strong>Physical Capabilities:</strong> Ability to work at a computer for extended periods of time.</p> <p><strong>Required Licenses, Certification or Registration:</strong> U.S. Citizenship. Active DoD Top Secret/DOE Q clearance. Possess a DoD 8570 IAM level III baseline certification (CISM, CISSP or other).</p> <p><strong>Supervisory Responsibilities/Controls: </strong>Reports to Director. General direction is provided. Works closely with Information Technology Services (ITS) department.</p> <p><strong>Work Environment:</strong> Office environment with occasional travel between National Academies&rsquo; facilities and to off-site locations.</p> <p><strong>Compensation Range: </strong>The National Academies of Sciences, Engineering, and Medicine support equity, fairness, and transparency in our compensation programs. An estimated compensation range for this position is $97,240 - $151,935. Compensation offered to the selected candidate will be based on the candidate&rsquo;s relevant knowledge, skills, and work experience, commensurate with the compensation of current employees in comparable positions with similar knowledge, skills, and work experience, and subject to budget parameters. Note it is not typical for a candidate to be hired at the higher end of the range.&nbsp;<br /><br /></p> <p><strong>The National Academies&rsquo; Statement on Diversity and Inclusion:<br /></strong>We, the National Academies of Sciences, Engineering, and Medicine (the National Academies), value diversity among our staff, members, volunteers, partners, vendors, and audiences. We recognize that talent is broadly distributed in society and that many perspectives enhance the quality of our work and drive innovation and impact.</p> <p>We pledge to cultivate a workplace culture and climate that promotes inclusion, belonging, accessibility, and anti-racism; upholds equity; and values the participation of all who are engaged in advancing our mission. By embracing the values of diversity, equity, and inclusion in our programs, institutional policies and practices, and products, we will be able to better advise the nation on the most complex issues facing society and the world.&nbsp;</p>