Cybersecurity Information System Security Manager (ISSM), Senior

Torch Technologies is seeking a Cybersecurity Information System Security Manager (ISSM) (Senior) to join a team that conducts advanced planning to achieve/maintain Authority to Operate (ATO) for systems assigned to the Air Force Human Resources Systems Division. This includes performing reviews and monitoring of Risk Management Framework (RMF) packages and oversight of 30K Common Control Indictors from the assessment of 4.8K Security Technical Implementation Guide checklist items as outlined in the National Institute of Standards and Technology special publications to ensure confidentiality integrity and availability of IT systems. This person will be responsible for accomplishing the 6-Step RMF process developing test scripts answering RMF controls in the Enterprise Mission Assurance Support Service (eMASS) developing security documentation and other activities required to obtain an ATO for assigned systems. This position supports the AFLCMC/GB Business and Enterprise Systems Directorate (BES)/GBH Human Resources Systems Divisionat Randolph AFB TX.

Responsibilities:

This position requires a highly motivated individual with experience in ensuring the appropriate operational security posture is maintained for the assigned IT. This includes the following related to maintaining situational awareness and initiating actions to improve or restore cybersecurity posture:

• Reviews and monitors security controls required to obtain an Authority to Operate (ATO) for assigned systems.
• Completes and maintains required cybersecurity certification IAW AFMAN 17-1303.
• Implements and enforces all AF cybersecurity policies procedures and countermeasures.
• Ensures all users have the requisite security clearances and need-to-know complete annual cybersecurity training and are aware of their responsibilities before being granted access to the IT according to AFMAN 17-1301;
• Maintains all authorized user access control documentation IAW the applicable AF Records Information Management System.
• Ensures software hardware and firmware complies with appropriate security configuration guidelines e.g. security technical implementation guides/security requirement guides.
• Ensures proper configuration management procedures are followed prior to implementation and contingent upon necessary approval.
• Coordinates changes or modifications with the system-level ISSM SCA and/or the Wing Cybersecurity office; and
• Reports security incidents or vulnerabilities to the system-level ISSM and wing cybersecurity office according to AFI 17-203 Cyber Incident Handling.

ESSENTIAL DUTIES/POSITION DESCRIPTION:

The successful candidate will provide the PMO/Capability Development Manager (CDM) cybersecurity support per DoDI 8500.01. Support includes assessing and continuously monitoring cybersecurity risk ensuring that legacy and new capabilities adhere to enterprise standards such as Risk Management Framework (RMF) Cybersecurity Framework (CSF) and National Institute of Standards and Technology (NIST) and per Authorization Officials Information Systems Continuous Monitoring (ISCM) strategy.

This position requires a highly motivated individual with ISSM experience to include the below job duties:

• Ensures the integration of cybersecurity into and throughout the lifecycle of the IT on behalf of the AO and in accordance with DoDI 8510.01 for the following:
• Completes and maintains required cybersecurity certification IAW AFMAN 17-1303;
• Ensures all AF IT cybersecurity-related documentation is current and accessible to properly authorized individuals;
• Supports the PM or ISO in maintaining current authorization to operate approval to connect (if required) and implementing corrective actions identified in the plan of actions and milestones;
• Coordinates with the PM and AO staffs development of an ISCM strategy and monitors any proposed or actual changes to the system and its environment;
• Continuously monitors the IT and environment for security-relevant events;
• Assesses proposed configuration changes for potential impact to the cybersecurity posture
• Assesses the quality of security controls implementation against performance indicators;
• Ensures cybersecurity-related events or configuration changes that impact AF IT authorization or adversely impact the security posture are formally reported to the AO and other affected parties such as IOs stewards and AOs of interconnected IT;
• Ensures all ISSOs and privileged users receive necessary technical training and obtain cybersecurity certification IAW AFMAN 17-1301 Computer Security (COMPUSEC) AFMAN 17-1303 and maintain proper clearances IAW DoDI 8500.01; and
• Ensures the AF IT is acquired documented operated used maintained and disposed of properly IAW DoDI 5000.02 and DoDI 8510.01.

Required Qualifications:

• Education
  • Masters or Doctorate Degree in a related field and 10 years of experience in the respective technical/professional discipline being performed 5 years of which must be in the DoD.
  • OR Bachelors Degree in a related field and 12 years of experience in the respective technical/professional discipline being performed 5 of which must be in the DoD.
  • OR 15 years of directly related experience with proper certifications as described in the PWS labor category performance requirements 8 of which must be in the DoD.
• Specific Work Experience
  • Extensive knowledge and proficiency with the Risk Management Framework (RMF) and in accomplishing the 6-steps of the RMF process
  • Experience with developing test scripts and answering security controls in eMASS
  • Expert knowledge and proficiency with Cybersecurity best practices
  • Expert knowledge and understanding of Federal and DoD Cybersecurity regulations and policies
  • Experience with the implementation of new IT/Business System technologies to include but not limited to Cloud Infrastructure and Enterprise Resource and Planning (ERP) systems.
  • Must have experience with NIST SP 800-53 Security controls and the understanding of control implementations.
  • Must be willing to learn and use cybersecurity testing tools.
• Certifications
  • At a minimum the successful candidate will meet the requirements IAW the DoD Cyber Workforce Framework (DCWF) foundational requirements to obtain and sustain a cybersecurity certification In accordance with DAFMAN 17-1305 DAF Cyberspace Worforce Management Program and must have and maintain one of the following Advanced ISSM certifications:
    • Certified Information Security Manager (CISM by ISACA) (Preferred)
    • Certified Information System Security Professional (CISSP by ISC2) (Preferred)
    • Certified Information Systems Security Officer (CISSO by UAT)
    • Federal IT Security Professional-Manager-NG (FITSP-M by FITSI)
    • GIAC Certified Incident Handler (GCHI by GIAC)
    • GIAC Certified Intrusion Analyst (GCIA by GIAC)
    • GIAC Cloud Security Automation (GCSA by GIAC)
    • GIAC Security Leadership Certification (GSLC by GIAC)
    • Global Industrial Cyber Security Professional (GICSP by GIAC)
• Security Clearance
  • Ability to obtain and maintain a DoD Secret Security Clearance.
• U.S. Citizenship required.

Preferred Qualifications:

• The following skills are highly desirable but not required for this position:
  • Agile principles methodologies and enabling technologies e.g. CheckMarx SonarQube Fortify Jira Confluence Kanban Scrum Jira Jenkins and Bitbucket.

U.S. Citizenship Required for this Position:Yes

Job Type:Regular

Security Clearance: Secret

Schedule: M-F; 8-5

Work Location: Randolph AFB Texas

Travel:Yes 0-10%

Relocation Assistance Available: No

Position Contingent Upon Award of Contract: No

Benefits:

Torch Technologies is proud to offer a stable and professional work environment a competitive salary and an excellent comprehensive benefit package including: ESOP participation 401(k) match and safe-harbor contribution medical dental vision life insurance short-term disability long-term disability flexible spending accounts Health Saving Accounts and Health Reimbursement Accounts EAP education assistance paid time off and holidays.

Applying to Torch Technologies:

Only those candidates invited for an interview will be contacted. Employment at Torch Technologies is contingent upon the successful completion of a comprehensive background check.

All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin age genetic information citizenship ancestry marital status protected veteran status disability status or any other status protected by federal state or local law. Torch Technologies Inc. participates in E-Verify.

#LI-EW1