Information System Security Manager Job Description
Information system security manager
provides physical security project management supporting Industrial Security ICD 705, NISPOM, and Corporate compliant enterprise-wide physical security systems.
Information System Security Manager Duties & Responsibilities
To write an effective information system security manager job description, begin by listing detailed duties, responsibilities and expectations. We have included information system security manager job description templates that you can modify and use.
Sample responsibilities for this position include:
Perform analysis of network security, based upon the DCID 6/3, DITSCAP, DIACAP, and NISPOM Chapter 8 certification and accreditation process
Develop and implement programs to ensure that systems, network, and data users are aware of, understand, and follow GCN and system security policies and procedures
Tests and evaluates periodically the effectiveness of information security policies, procedures, and practices in accordance with GCN System Security Plan, ST&E, and risk management frameworks implemented by policy or contract requirement
Ensure that security-related decisions and information, including updates to GCN security policies and related publications, are distributed to Information System Security Officers (ISSO), GCN security practitioners, and other appropriate persons within the organization
Ensure security awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code or other adverse IS conditions
Initiate, with ISSM or CSO approval, protective and corrective measures when a security incident or vulnerability is discovered
Conduct security reviews of electronic devices (e.g., portable electronic devices (PEDs), laptops, tablets, ) prior to and when exiting FBI space
Ensure that all IAOs, network administrators, and other AIS personnel receive the necessary technical and security training to carry out their duties
This position will require the successful completion of a polygraph examination
This position will require the candidate to obtain and maintain an IA Professional certification
Information System Security Manager Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information System Security Manager
List any licenses or certifications required by the position: CISSP, IAM, II, IA, III, ITIL, IAT, CISM, CEH, GSLC
Education for Information System Security Manager
Typically a job would require a certain level of education.
Employers hiring for the information system security manager job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Education, Technical, Information Technology, Supervision, Information Assurance, Information Systems, Security Management, Military, Science
Skills for Information System Security Manager
Desired skills for information system security manager include:
Microsoft Office
Classified IS operation
NISPOM
NISPOM and DAAPM
Information systems security in order to assure enforcement of company and government regulations
System functions
ICD 503 and RMF
NIST 800-53
Operational security measures
Security policies
Desired experience for information system security manager includes:
3 Yrs+ experience in ISMS Manager
Full understanding of ISO27001
Understanding of Global Security Criteria such as Cybersecurity, Knowledge Assurance
Communication skill with top managements to ground floor
Good in Excel / Power Point / Word
System lifestyle management
Information System Security Manager Examples
1
Information System Security Manager Job Description
Job Description Example
Our company is looking for an information system security manager. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information system security manager
- Establish, document, and monitor the IS Security Program and related procedures for all facilities and ensures facility compliance with requirements for IS
- Collects and reports unique local threats/vulnerabilities to IS
- Respond to Government reporting requirements as directed
- Ensure that periodic self-inspections of all facility's IS Programs are conducted as part of the overall facility self-inspection program and that corrective action is taken for all identified findings and vulnerabilities
- Interpret & integrate DoD / Air Force Policies, Instructions, Directives, Manuals, Technical Orders into information system security requirements, training programs, and local maintenance / monitoring procedures
- Negotiate security control requirements / control tailoring with SCAs, Authorizing Officials, Vulnerability Assessment Teams, Program Managers and general compliance inspection teams
- Lead and organize Assessment & Authorization activities
- Organize security related priorities, develop accountable schedule projections, manage conflict resolution, present to/ advise Senior Military and Civilian leaders
- Review, edit and prioritize information system documentation (SSPs, SCTMs, Certification Test Procedures, Plans of Action & Milestones, Risk Assessment Reports, CONOPS, ancillary plans)
- Enforce configuration/change management requirements
Qualifications for information system security manager
- DoD 8570.1M compliant Professional Certification
- Technical bachelor's degree and typically 9 or more years' related work experience or a Master's degree with typically 7 or more years' or a PhD degree with typically 4 or more years' related work experience or an equivalent combination of education and experience
- Current and Active Top Secret/SCI clearance
- Must possess current Security+, or higher (CISSP preferred) to be considered for this position
- Minimum of 5-7 years of related work experience in Information Technology
- Active Security Clearance required (Secret)
2
Information System Security Manager Job Description
Job Description Example
Our growing company is searching for experienced candidates for the position of information system security manager. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for information system security manager
- Approve and/or validates all GCN information system security reporting
- Manages Cybersecurity resources as directed by senior managers, including oversight and review of Cybersecurity budget items
- Reviews and approves the security of hardware and software prior to implementation into the GCN enterprise
- Tests GCN security implementation
- Implements and manages Plan of Action and Milestones (POAM) for the GCN
- Reviews and directs the maintenance of an inventory of all GCN information systems
- Ensures that an Information System Security Officers (ISSO) is appointed for any systems managed as required by program managers
- Reviews and approves an Information System Security Officer (ISSO) for the GCN
- Manage IT Security projects from start up to project sunset and required maintenance and sustainment phase
- Administer "assessment and authorization/ certification and accreditation" processes in accordance with U.S. Government requirements, including but not limited to MSSPs, SSPs, profiles, maintenance and audit logs, and hardware/software baselines
Qualifications for information system security manager
- Bachelor’s Degree and 8 years of experience in Information Assurance (IA)
- Experience with complex Information Systems, Multi-Program Interconnection, PL-2 systems and above
- Experience with various information system security assessment/hardening tools - SCAP Compliance Checker, STIG Viewer, ACAS, Nessus, SECSCN, DISA SRR, Retina
- IAM Level III DoD 8570 Certification required
- Experience successfully and effectively interacting with internal and external customers (PSOs, SCAs, DAOs, ISSPs, Program Managers)
- Experience with various information system security assessment/hardening tools – SCAP, Nessus, Retina, WASSP, ACAS
3
Information System Security Manager Job Description
Job Description Example
Our company is hiring for an information system security manager. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information system security manager
- Develop/conduct risk assessment procedures for verification of Certification & Accreditation (C&A)/A&A/RMF safeguards to meet various regulatory requirements based upon the NISPOM and JSIG RMF for DoD IT, and occasional support involving ICD 503/DCID, JSIG/JAFAN, NIST & STIG guidelines
- Performs and conducts risk assessments and outlines safeguards in applicable technical areas for applicable devices
- Applies high-level cybersecurity/technical principles and methods to difficult technical problems
- Audits and approves vulnerability management and incident response programs to protect against malicious code and remain in compliance with the security guidelines, standards and directives
- Direct, approve, implement and maintain enterprise security systems and technology
- Provides technical, security policy, and management guidance to the other applicable security and technical personnel and security compliance program implementation
- Test and evaluates network systems and applications/databases to eliminate problems and make improvements to the overall enterprise IT infrastructure
- Knowledgeable in security trends, products, tooling, and industry best practices
- 5 or more years of knowledge and experience in Cybersecurity leadership role, including strategy and operations
- Ability to assess and weigh current and evolving business risks and enforce appropriate information security measures
Qualifications for information system security manager
- Fundamental knowledge of Linux-based platforms
- Fundamental knowledge of Routing and Firewall policy and operations
- Fundamental knowledge of enterprise network architecture, to include Layer3 VPN, Multiple Protocol Label Switching, and remote authentication technologies
- Fundamental knowledge of virtualization concepts and technologies
- Advanced knowledge of National Institute of Standards and Technology (NIST) Risk Management Framework per SP 800-37 Rev
- Advanced knowledge and experience with implementing controls and enhancements based on Committee on National Security Systems (CNSS) Instruction 1253 and overlays described in CNSSI 1253 Appendix F
4
Information System Security Manager Job Description
Job Description Example
Our company is looking to fill the role of information system security manager. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for information system security manager
- Evaluate proposed changes or additions to the information system, and advise senior site leadership of the security relevance
- Work with the Facility Security Officer (FSO) develop, implements and manage a formal Information Security / Information Systems Security Program
- Overseeing the ISSO activities and compliance actions across a broad region
- Interfaces with assessors and auditors Medicaid Stakeholders and IT Personnel to facilitate senior leadership knowledge of organizational risk levels, the development of system security documentation, and reporting requirements
- Evaluates and approves development efforts through the use of Security Assessment reports, in conjunction with the Medicaid Technical Security Assessment team, to ensure that baseline security safeguards are appropriately implemented
- Advises the Chief Information Security Officer on risk levels and security posture the results of cost/benefit analysis of information security program policies, procedures, and technological implementations
- Prepares, distributes, maintains and assists in the development of plans, instructions, guidance, and standard operating procedures concerning the security of organizational system operations
- Reviews organizational external agreements and internal system designs to provide input on security requirements and evaluates associated proposed security architectures and designs to ensure that architectures and designs adequately meet requirements
- Monitor cybersecurity Program compliance by performing periodic self-inspections, tests and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed
- Work with program personnel to include System Administrators to ensure audit functions are performed properly
Qualifications for information system security manager
- Working knowledge of multiple security disciplines, such as physical security, document control, COMSEC, investigations
- Must possess or be willing to obtain Security+, CISA, Linux+, MS Server, and/or other applicable certifications supporting DoD Directive 8570
- Experience providing COMSEC support and working with Controlled Cryptographic Items
- Experience in an environment and culture steeped in teamwork and collaboration working on challenging technical projects
- A Current Secret clearance - Applicants MUST include their Security Clearance Level, Investigation Type and Investigation Date clearly on their resume
- Bachelor’s Degree, ideally in Computer Science, or a Computer Technical Certificate (MSCE or GAIC certificate) or equivalent related experience
5
Information System Security Manager Job Description
Job Description Example
Our company is growing rapidly and is looking to fill the role of information system security manager. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information system security manager
- Coordinate with program/project stakeholders, the Facility Security Officer (FSO), & Contractor Program Security Officers (CPSOs) and other Security and IT team members to define, implement and maintain an acceptable information systems security posture
- Assist program personnel at offsite locations to ensure they meet USG certification requirements and are properly trained to execute the cybersecurity program effectively and maintain security compliance
- Complete operating system upgrades
- Provide service desk and technical support to user
- Project management activities, including having full authority to act on matters pertaining to the performance of services under the contract
- Performing security compliance assessments and analysis using automated scanning tools
- Ensuring hardware sanitization and release utilizing pre-approved procedures
- Performing compliance inspections
- Ensuring Configuration Management (CM) control
- Writing, reviewing, and coordinating Certification and Accreditation activities
Qualifications for information system security manager
- Previous COMSEC experience is a plus
- Previous FOCI experience is a plus
- 3+ years of experience as high-level Joint or USMC headquarters staff, including combatant command, Service HQ, component, or MEF
- Experience with supporting and leading working groups and Operational Planning Teams (OPTs)
- Experience with the DoD and international organizations
- Knowledge of the EUCOM Concept and Funding Request (CFR), Global - Theater Security Cooperation Management Information System (G-TSCMIS), and Joint Training Information Management System (JTIMS)