Information Systems Security Manager (ISSM) - Hybrid | Chantilly, VA

This position will be hybrid and can be hired in the Washington, DC metropolitan area.

The Information Systems Security Manager (ISSM) will perform duties for the Optiv+ClearShark information systems environments, both unclassified and classified, will own and manage the information system security program for Optiv + ClearShark and will report directly to the Senior Corporate Counsel.  The ISSM is responsible for leading projects and operational tasks that apply new and existing technologies and solutions to solve business needs in the cybersecurity space.  The ISSM works with other engineers, various groups, and operational support staff both within IT and other business units to provide and maintain solutions that meet business and technical requirements. The ISSM will assist in the development of procedures and runbooks; act as the subject matter expert in a variety of cybersecurity domains such as Identity and Access Management, Vulnerability Management, Endpoint Protection, Incident Response activities, etc.; and will provide tier two production support for responsible solutions.

How you’ll make an impact

• Develop, administer, and sustain a CMMC Program and Certification.
• Ensure NIST 800-171 compliance for all applicable corporate information systems.
• Lead the development and implementation of security solutions and process improvements.
• Lead the enhancement of key security solutions in the GRC, Security Operations, and IAM space.
• Ability to manage security vendors to resolve issues and maximize configurations.
• Lead the deployment, monitoring, troubleshooting, and changing of security solutions.
• Partner with IT and business colleagues to ensure proper security controls are included in new solutions.
• Research and evaluate the impact of new vulnerabilities, security alerts and threat intelligence bulletins.
• Participate in threat hunting and incident response events.
• Lead third-party risk management tasks such as conducting risk assessments for vendors and services.
• Build and maintain relationships with key customer's technical staff members and with internal stakeholders from IT, customer service and field operations.
• Share experience, knowledge, and ideas with management and co-workers to maintain a kind and respectful team-based environment.
• Promote a corporate culture that is committed to information security best practices.
• Participate in after-hours support, as needed, to respond to critical security incidents.
• Function with a high degree of integrity with an ability to keep information confidential.
• Develop, administer, and sustain RMF packages for classified systems IAW NIST 800-53, NISPOM, and ICD requirements.
• Perform audit log reviews and initiate incident response actions for any anomalous activity.
• Lead the vulnerability management program; perform vulnerability scans and prioritize and coordinate remediation actions.
• Assess systems and create baselines utilizing the DISA STIGs.
• Develop a Plan of Action and Milestones (POA&M) and work items to remediation.
• Participate in change control board meetings.
• Work in partnership with the Facility Security Officer (FSO) to meet NISPOM and NISP requirements.

What we’re looking for

• Bachelor’s degree in computer science and/or any related fields, Master’s Degree a plus.
• Minimum of 7+ years of relevant work experience related to cyber security.
• Must be a US Citizen and be able to obtain and maintain a Top Secret Security Clearance.  Holding a current Top Secret clearance with SCI eligibility is a plus.
• Must have experience with several of the following: Microsoft, O365, Active Directory, Splunk, ServiceNow, SailPoint, Qualys, CASB, Prisma Access, Tenable, XSIAM, or other cybersecurity tools.
• Proficient across multiple operating systems such as Microsoft Windows, ESXi, Apple MacOS, and RedHat Linux.
• Familiarity with security best practices for cloud architectures (SaaS, IaaS, PaaS).
• Knowledge of securing cloud environments particularly Azure and AWS.
• Fundamental understanding of network protocols and network security.
• Knowledge of industry and Government frameworks such as NIST, CMMC, and RMF.
• Have experience with developing and sustaining Government accreditation packages within different Government frameworks, such as NISPOM, CMMC, JSIG, and ICD.
• Have experience reviewing audit logs and performing cybersecurity incident investigations.
• Experience with the DISA STIGs and performing STIG validations of different technologies.
• Detail-oriented with strong conceptual, analytical, problem solving, decision making and planning skills.
• Knowledge of modern software development lifecycles, including Agile and iterative development.
• Excellent written and oral communication skills; and demonstrated ability to interact with technical, non-technical, and business members of the organization.
• Ability to manage multiple tasks.

• #CJ

• #LI-BC1

Must have

• Valid Driver’s License.
• Ability to work greater than 40 hours per week as needed.
• Ability to travel up to 10% percent of the time.
• CISSP or other DoD 8570 IAM Level II certification required, other security certifications are a plus.
• Must be able to obtain and maintain a Top Secret Security Clearance. You do not need a security clearance to start.
• Ability to respond to critical cybersecurity incidents after hours or on weekends as necessary.

What you can expect from Optiv

• A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)

EEO Statement

Optiv + ClearShark is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.  

Optiv + ClearShark respects your privacy. By providing your information through this page or applying for a job at Optiv + ClearShark, you acknowledge that Optiv + ClearShark will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv + ClearShark’s selection and recruitment activities.  For additional details on how Optiv + ClearShark uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.