IT and Security Manager (ISSM)

Huntsville, AL, USA

Job Description:

The IT and Security Manager for Classified Workstations (ISSM) will be responsible for the management, security, and compliance of workstations handling classified information. This role requires a deep understanding of security protocols, regulatory requirements, and IT infrastructure. The ideal candidate will have experience in managing classified systems, ensuring compliance with relevant standards, and implementing robust security measures.

Key Responsibilities:

  • Manage and maintain classified workstations, ensuring their security and compliance with regulatory requirements.
  • Implement and enforce security policies, procedures, and protocols to protect classified information.
  • Conduct regular security assessments, audits, and vulnerability scans to identify and mitigate risks.
  • Ensure compliance with relevant standards, including NIST 800-53, CMMC, RMF (NIST 800-37), and other applicable regulations.
  • Oversee the configuration, maintenance, and monitoring of IT infrastructure supporting classified workstations.
  • Manage user access controls, including Role-Based Access Controls (RBAC) and multi-factor authentication (MFA).
  • Coordinate with internal and external stakeholders to ensure the secure handling and storage of classified information.
  • Develop and deliver security training and awareness programs for employees handling classified information.
  • Respond to security incidents, conduct investigations, and implement corrective actions.
  • Maintain detailed documentation of security policies, procedures, and incident reports.
  • Stay current with emerging security threats, technologies, and regulatory changes.
  • Ensure the secure setup, deployment, and decommissioning of classified workstations.
  • Manage the lifecycle of classified workstations, including hardware and software updates, patches, and upgrades.
  • Serve as the Information System Security Manager (ISSM) for classified systems, ensuring compliance with all relevant security policies and procedures.
  • Develop and maintain System Security Plans (SSPs) and other required documentation.
  • Conduct risk assessments and support the development of mitigation strategies.
  • Interface with government agencies and customers on matters related to classified information systems security.

Supporting FSO Responsibilities:

  • Comply with internal security policies and procedures implemented by the Corporate Security Manager/FSO.
  • Perform as "Acting" FSO in the absence of the FSO.
  • As AFSO, comply with the NISP, NISPOM Rule 32 CFR Part 117, and other related security requirements, policies, procedures, and regulations impacting personnel security clearances, classified information, and government contract administration functions.
  • Perform and facilitate administrative security support functions in multiple government security platforms.
  • Ensure all classified materials safeguarded by the X-Bow site are compliant with the DoD, NISPOM, and DCSA regulations and directives that govern receiving, inventory, safeguarding, marking, transporting, and destruction of classified information.
  • Assist site employees with compliance with Controlled Unclassified Information (CUI).
  • Maintain a visitor control program that clearly protects sensitive areas and elements of intellectual property and classified information from unauthorized disclosure.
  • Perform safeguarding inventory and tasks related to the operation of high-security locks and GSA-approved containers securing classified information.
  • Participate in internal and external security reviews and perform self-assessment inspections to ensure compliance with government and company regulations.
  • Perform tasks in support of physical security, Operations Security (OPSEC), security awareness, and other security programs designed to protect company employees, U.S. Government information, and corporate property.

Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Minimum of 5 years of experience in IT and security management, with a focus on classified systems and workstations.
  • Strong knowledge of security standards and regulations, including NIST 800-53, CMMC, RMF (NIST 800-37), and ITAR.
  • Experience with security tools and technologies, including firewalls, intrusion detection/prevention systems, encryption, STIG hardening and compliance auditing, vulnerability scanning tools, and remediation.
  • Proficiency in managing IT infrastructure, including servers, networks, and storage systems.
  • Experience with user access controls, RBAC, and MFA.
  • Excellent problem-solving and analytical skills.
  • Strong communication and interpersonal skills.
  • Ability to work independently and as part of a team.
  • CISSP certification is required.
  • Experience as an Information System Security Manager (ISSM) or similar role.
  • Ability to obtain and maintain a security clearance.

Category: Leadership Jobs

Tags: Audits CISSP Clearance CMMC Compliance Computer Science DoD Encryption Firewalls Intrusion detection IT infrastructure Monitoring NISPOM NIST NIST 800-53 Risk assessment RMF Security assessment Security Clearance System Security Plan Vulnerability scans

Region: North America
Country: United States
