Information System Security Manager Job Description
Information System Security Manager Duties & Responsibilities
To write an effective information system security manager job description, begin by listing detailed duties, responsibilities and expectations. We have included information system security manager job description templates that you can modify and use.
Sample responsibilities for this position include:
Information System Security Manager Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information System Security Manager
List any licenses or certifications required by the position: CISSP, IAM, II, IA, III, ITIL, IAT, CISM, CEH, GSLC
Education for Information System Security Manager
Typically a job would require a certain level of education.
Employers hiring for the information system security manager job most commonly prefer candidates with a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Education, Technical, Information Technology, Supervision, Information Assurance, Information Systems, Security Management, Military, Science.
Skills for Information System Security Manager
Desired skills for information system security manager include:
Desired experience for information system security manager includes:
Information System Security Manager Examples
Information System Security Manager Job Description
- Establish, document, and monitor the IS Security Program and related procedures for all facilities and ensure facility compliance with requirements for IS
- Collects and reports unique local threats/vulnerabilities to IS
- Respond to Government reporting requirements as directed
- Ensure that periodic self-inspections of all of the facility's IS Programs are conducted as part of the overall facility self-inspection program and that corrective action is taken for all identified findings and vulnerabilities
- Interpret & integrate DoD / Air Force Policies, Instructions, Directives, Manuals, Technical Orders into information system security requirements, training programs, and local maintenance / monitoring procedures
- Negotiate security control requirements / control tailoring with SCAs, Authorizing Officials, Vulnerability Assessment Teams, Program Managers and general compliance inspection teams
- Lead and organize Assessment & Authorization activities
- Organize security related priorities, develop accountable schedule projections, manage conflict resolution, present to/ advise Senior Military and Civilian leaders
- Review, edit and prioritize information system documentation (SSPs, SCTMs, Certification Test Procedures, Plans of Action & Milestones, Risk Assessment Reports, CONOPS, ancillary plans)
- Enforce configuration/change management requirements
- DoD 8570.1M compliant Professional Certification
- Technical bachelor's degree and typically 9 or more years' related work experience or a Master's degree with typically 7 or more years' or a PhD degree with typically 4 or more years' related work experience or an equivalent combination of education and experience
- Current and Active Top Secret/SCI clearance
- Must possess current Security+, or higher (CISSP preferred) to be considered for this position
- Minimum of 5-7 years of related work experience in Information Technology
- Active Security Clearance required (Secret)
Information System Security Manager Job Description
- Approves and/or validates all GCN information system security reporting
- Manages Cybersecurity resources as directed by senior managers, including oversight and review of Cybersecurity budget items
- Reviews and approves the security of hardware and software prior to implementation into the GCN enterprise
- Tests GCN security implementation
- Implements and manages Plan of Action and Milestones (POAM) for the GCN
- Reviews and directs the maintenance of an inventory of all GCN information systems
- Ensures that an Information System Security Officer (ISSO) is appointed for any systems managed as required by program managers
- Reviews and approves an Information System Security Officer (ISSO) for the GCN
- Manage IT Security projects from start up to project sunset and required maintenance and sustainment phase
- Administer "assessment and authorization/ certification and accreditation" processes in accordance with U.S. Government requirements, including but not limited to MSSPs, SSPs, profiles, maintenance and audit logs, and hardware/software baselines
- Bachelor’s Degree and 8 years of experience in Information Assurance (IA)
- Experience with complex Information Systems, Multi-Program Interconnection, PL-2 systems and above
- Experience with various information system security assessment/hardening tools - SCAP Compliance Checker, STIG Viewer, ACAS, Nessus, SECSCN, DISA SRR, Retina
- IAM Level III DoD 8570 Certification required
- Experience successfully and effectively interacting with internal and external customers (PSOs, SCAs, DAOs, ISSPs, Program Managers)
- Experience with various information system security assessment/hardening tools – SCAP, Nessus, Retina, WASSP, ACAS
Information System Security Manager Job Description
- Develop/conduct risk assessment procedures for verification of Certification & Accreditation (C&A)/A&A/RMF safeguards to meet various regulatory requirements based upon the NISPOM and JSIG RMF for DoD IT, and occasional support involving ICD 503/DCID, JSIG/JAFAN, NIST & STIG guidelines
- Performs and conducts risk assessments and outlines safeguards in applicable technical areas for applicable devices
- Applies high-level cybersecurity/technical principles and methods to difficult technical problems
- Audits and approves vulnerability management and incident response programs to protect against malicious code and remain in compliance with the security guidelines, standards and directives
- Direct, approve, implement and maintain enterprise security systems and technology
- Provides technical, security policy, and management guidance to the other applicable security and technical personnel and security compliance program implementation
- Tests and evaluates network systems and applications/databases to eliminate problems and make improvements to the overall enterprise IT infrastructure
- Knowledgeable in security trends, products, tooling, and industry best practices
- 5 or more years of knowledge and experience in Cybersecurity leadership role, including strategy and operations
- Ability to assess and weigh current and evolving business risks and enforce appropriate information security measures
- Fundamental knowledge of Linux-based platforms
- Fundamental knowledge of Routing and Firewall policy and operations
- Fundamental knowledge of enterprise network architecture, to include Layer3 VPN, Multiple Protocol Label Switching, and remote authentication technologies
- Fundamental knowledge of virtualization concepts and technologies
- Advanced knowledge of National Institute of Standards and Technology (NIST) Risk Management Framework per SP 800-37 Rev
- Advanced knowledge and experience with implementing controls and enhancements based on Committee on National Security Systems (CNSS) Instruction 1253 and overlays described in CNSSI 1253 Appendix F
Information System Security Manager Job Description
- Evaluate proposed changes or additions to the information system, and advise senior site leadership of the security relevance
- Work with the Facility Security Officer (FSO) to develop, implement and manage a formal Information Security / Information Systems Security Program
- Overseeing the ISSO activities and compliance actions across a broad region
- Interfaces with assessors and auditors, Medicaid stakeholders and IT personnel to facilitate senior leadership knowledge of organizational risk levels, the development of system security documentation, and reporting requirements
- Evaluates and approves development efforts through the use of Security Assessment reports, in conjunction with the Medicaid Technical Security Assessment team, to ensure that baseline security safeguards are appropriately implemented
- Advises the Chief Information Security Officer on risk levels, security posture, and the results of cost/benefit analysis of information security program policies, procedures, and technological implementations
- Prepares, distributes, maintains and assists in the development of plans, instructions, guidance, and standard operating procedures concerning the security of organizational system operations
- Reviews organizational external agreements and internal system designs to provide input on security requirements and evaluates associated proposed security architectures and designs to ensure that architectures and designs adequately meet requirements
- Monitor cybersecurity Program compliance by performing periodic self-inspections, tests and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed
- Work with program personnel to include System Administrators to ensure audit functions are performed properly
- Working knowledge of multiple security disciplines, such as physical security, document control, COMSEC, investigations
- Must possess or be willing to obtain Security+, CISA, Linux+, MS Server, and/or other applicable certifications supporting DoD Directive 8570
- Experience providing COMSEC support and working with Controlled Cryptographic Items
- Experience in an environment and culture steeped in teamwork and collaboration working on challenging technical projects
- A Current Secret clearance - Applicants MUST include their Security Clearance Level, Investigation Type and Investigation Date clearly on their resume
- Bachelor’s Degree, ideally in Computer Science, or a Computer Technical Certificate (MCSE or GIAC certificate) or equivalent related experience
Information System Security Manager Job Description
- Coordinate with program/project stakeholders, the Facility Security Officer (FSO), & Contractor Program Security Officers (CPSOs) and other Security and IT team members to define, implement and maintain an acceptable information systems security posture
- Assist program personnel at offsite locations to ensure they meet USG certification requirements and are properly trained to execute the cybersecurity program effectively and maintain security compliance
- Complete operating system upgrades
- Provide service desk and technical support to users
- Project management activities, including having full authority to act on matters pertaining to the performance of services under the contract
- Performing security compliance assessments and analysis using automated scanning tools
- Ensuring hardware sanitization and release utilizing pre-approved procedures
- Performing compliance inspections
- Ensuring Configuration Management (CM) control
- Writing, reviewing, and coordinating Certification and Accreditation activities
- Previous COMSEC experience is a plus
- Previous FOCI experience is a plus
- 3+ years of experience as high-level Joint or USMC headquarters staff, including combatant command, Service HQ, component, or MEF
- Experience with supporting and leading working groups and Operational Planning Teams (OPTs)
- Experience with the DoD and international organizations
- Knowledge of the EUCOM Concept and Funding Request (CFR), Global-Theater Security Cooperation Management Information System (G-TSCMIS), and Joint Training Information Management System (JTIMS)