Cybersecurity – Information Systems Security Manager (ISSM) - Clearance Required

Overview

LMI: Innovation at the Pace of Need™

At LMI, we’re reimagining the path from insight to outcome at The New Speed of Possible™. Combining a legacy of over 60 years of federal expertise with our innovation ecosystem, we minimize time to value and accelerate mission success. We energize the brightest minds with emerging technologies to inspire creative solutioning and push the boundaries of capability. LMI advances the pace of progress, enabling our customers to thrive while adapting to evolving mission needs. 

The Cybersecurty - ISSM will apply control principles and concepts to develop innovative approaches and maintain Authorization to Operate (ATO) and for Authorization to Use (ATU) for reciprocity.  This role will assess security controls and documents and work with ISSOs, the Government, system administrators and third party vendors to meet the rigorous standard of the DoD and Army and develop new processes to support streamlined compliance and maximize inheritance. You will support RMF packages and conduct security reviews in conjunction with Cyber SMEs and Cyber teammates to ensure package quality and actively work with the Government to develop new and refine ATO and reciprocity processes to maximize control efficiency and effectiveness.

Responsibilities

The ISSM will:

• Acquire and manage all necessary documentation/artifacts, including cybersecurity support and resources, to support IT cybersecurity goals and objectives from a risk management perspective.
• Advise senior management on system risk levels and cybersecurity posture.
• Ensure that developed systems and architectures are consistent with all applicable DoD and Army cybersecurity policies and guidelines.
• Perform Assessment and Authorization (A&A) cybersecurity reviews, identify gaps, and support risk management plans for cybersecurity personnel to execute.
• Provide input on cybersecurity requirements and collect and maintain data needed to meet system cybersecurity compliance reporting.
• Provide subject matter expertise for Risk Management Framework (RMF) activities and related documentation to support system accreditation / Authority to Operate (ATO) requirements.
• Interpret noncompliance to determine the impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Coordinate with geographically-distributed, multi-discipline teams to ensure compliance with all applicable requirements for cybersecurity are addressed.
• Ensure that plans of action and milestones (POAM) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. and support necessary remediation/compliance activities.
• Participate in recurring cybersecurity working group meetings.
• Oversee and manage A&A activities for program level ISSOs and ISSMs to support an understanding of their respective systems and security activities.
• Work with program ISSOs and other ISSMs to effectively aggregate technical details for government leadership including the cybersecurity lead, project managers, program managers to facilitate succinct and effective risk discussions and provide understanding of respective program risks.
•  

Qualifications

Required Qualifications:

• Excellent written & verbal communication skills
• Three (3) years of experience of supporting RMF implementation of DoD 8510.01 RMF activities throughout the lifecycle
• Eight (8) to ten years of experience in control or information assurance activities using NIST security frameworks such the NIST 800-53 series
• DOD 8570 IAT Level III certification such as CISSP
• Experience with deploying DISA STIGs, running ACAS scans and expert knowledge of eMASS
• Must possess or maintain DoD Secret clearance or higher
• Bachelors in Information Systems, Computer Science or related fields

Desired Qualifications:

• Experience with DoD ATO reciprocity for enterprise system deployments
• Familiarity or experience with FedRAMP readiness or assessment processes
• Exposure to Army RMF 2.0, cArmy and Continuous Monitoring (CONMON)
• Previous work experience in interfacing with Defense Security/Cybersecurity Authorization Working Group (DSAWG)
• Experience in working with Security Control Overlays and Cross Domain Transfers and Access
• Previous work experience in IL6 environments, JWICs
• Previous work exposure to Docker and Kubernetes containers, DevSecOps and AI/ML Ops
• Exposure to AWS, Azure and Google Cloud