Information System Security Manager (ISSM)

The Leidos Health and Civil Sector is seeking an Information System Security Manager (ISSM) who is interested in working in a fast-paced environment to establish a robust security posture for a government information system for a new federal agency.  The successful candidate will provide oversight and enforcement of Cyber Security policies and procedures to maintain a holistic security approach for the lifecycle of the system.  The ISSM will report directly to the agency Chief Information Security Officer (CISO).  The ISSM will serve as the Subject Matter Expert (SME) as part of the Security Team and technical domain. In addition, the role requires oversight of a Cybersecurity Team and ensures their compliance with established information security requirements.

This position is remote (In the US) with up to 10% travel.

Candidates MUST:

Be currently located in the United States for the current three consecutive years and have the ability to obtain a Public Trust Clearance.

Other skills and responsibilities include, but are not limited to:

• Hands-on experience enforcing information protection policies in an unclassified environment.
• Proficient with a major cloud services platform, i.e., GCP, Azure, AWS, SaaS applications, etc.
• Documents compliance activities in accordance with the governing authority approved authorization package.
• Develop, implement, and enforce Information Security Policies and Procedures.
• Evaluates proposed changes or additions to the information system and advises senior site leadership of the security relevance.
• Participates in internal/external security audits/inspections; performs risk assessments and Continuous Monitoring.
• Ensure proper protection and / or corrective measures have been taken when an incident or vulnerability has been discovered.
• Develops and implements an effective system security education, training, and awareness program.
• Maintains a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Performing risk assessments and documenting results in a RAR and keeping the risk assessment current throughout the acquisition/development portion of the system life cycle.
• Certifying to the AO, in writing, that the requirements and implementation procedures listed within the security plan are in accordance with the NISPOM, NIST SP 800-53, etc.
• Maintains the system in accordance with the security plan and Authorization to Operate (ATO).

Required Qualifications

• Bachelor's Degree, and minimum ten (10) years of experience.
• Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP)
• Detailed understanding of the Risk Management Framework (RMF), NIST, ICD, and CNSS standards.
• 3 years’ experience as an ISSM or 5 years’ experience as a Sr. ISSO.
• Experienced in one or more cloud computing services and technologies including but not limited to: AWS, Microsoft Azure, Google Cloud to assist in the preparation of management plans and reports.

Desired Certification

• Cloud certification is a plus

hhsnih

Original Posting Date:

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.