Information System Security Manager (ISSM)

Abacus Technology is seeking an Information System Security Manager (ISSM) to provide cyber and RMF support for the Air Education and Training Command (AETC) at Randolph AFB. This is a full-time position.

Develop and maintain Risk Management Framework (RMF) lifecycle documentation, artifacts, and Authorization to Operate (ATO) package.
• Assist the investment/system Program Manager (PM) with managing and updating all information security process related documentation.
• Utilize available/directed RMF templates to create/document/update required artifacts that include Access Control Plans, Configuration Management Plans, Contingency Plans, Continuity of Operations Plans, Incident Response Plans, etc.
• Initiate or review the Implementation Plan/Security Plan, identify and assess approved security controls, and complete required supporting artifacts for upload into the DoD/AF directed cybersecurity management tool, e.g. eMASS.
• Execute a System Security Plan, conduct validation activities, and compile validation results to retrieve a Security Assessment Report (SAR) and develop/manage Plans of Action and Milestones (POA&M) for each applicable system in the DoD/AF directed cybersecurity management tool, e.g. eMASS.
• Initiate and plan Assessment and Authorization (A&A).
• Select an initial set of baseline security controls and relevant overlays for the Information System.
• Develop and document a system-level strategy for continuous monitoring of employed security controls effectiveness within or inherited by the system, and monitoring of any proposed or actual changes to the system and its operational environment.
• Implement the security controls specified in the security plan in accordance with DoD and AF implementation guidance and the processes and procedures of the AETC FD Process Guide.
• Assess/reassess security controls as determined by the previously developed continuous monitoring strategy and update test results, security plan, SAR, POA&M, and other RMF documentation/artifacts as required.
• Assess, document, and report all security controls.

4+ years experience in cyber security or information assurance. Associate's degree in a related field. Must hold a certification in compliance with DoD 8570 IAM Level II (e.g. CISSP, CISM, CAP, CASP+ CE). Experience managing and updating all information security process related documentation. Experience maintaining responsibility for RMF lifecycle activities and accreditation packages. Experience developing documentation and artifacts and completing RMF lifecycle activities and accreditation packages. Experience implementing the five RMF steps. Experience completing required documentation to satisfy annual FISMA reporting requirements in accordance with AF FISMA reporting guidance. Experience performing ISSM duties. Able to work with people in a team environment and deal effectively with changing project priorities. Must have excellent communications skills and be detail-oriented and self-motivated. Demonstrated strong critical thinking and problem-solving skills. Able to effectively prioritize multiple projects and demonstrate professional customer service skills. Must be a US citizen and hold a current Secret clearance.

Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.

EOE/M/F/Vet/Disabled