Information System Security Manager (ISSM)

The Analytical Solutions Division (ASD) of Applied Research Associates (ARA), Inc (www.ara.com)  has an exciting opportunity for a full-time Information System Security Manager (ISSM) on-site at our Huntsville, AL location. ISSM is responsible for overseeing security operations in compliance with the 32 CFR Part 117 National Industrial Security Program Operating Manual (NISPOM).  Interface with the Defense Counterintelligence and Security Agency (DCSA), managing security policies, conducting assessments, and ensuring the integrity of security systems.  Responsible for the planning, organization, maintenance, and compliance of multiple classified systems in accordance with NISPOM, risk management framework (RMF) requirements, and DCSA Assessment & Authorization Process Manual (DAAPM).  Develop policy, guidance, and establish implementation and oversight plans to ensure compliance with Risk Management requirements. ISSM will also serve as the Facility Security Officer to handle personnel clearance processing and maintain facility clearance activities and provide administrative security support associated with the receipt, distribution, inventory, reproduction and disposition of classified material.  For this position, ARA will only consider applicants with an active SECRET Security Clearance or higher. Position is not eligible for remote work schedule. 

• Collaborate with Project Managers (PMs) or Information System Owners (ISO) in maintaining current authorization to operate, and approval to connect for all systems and networks, and in implementing corrective actions identified in the plan of action and milestones
• Conduct recurring Cybersecurity reviews on information systems in accordance with DoD RMF practices, DCSA Assessment and Authorization Process Manual (DAAPM), NIST 800-53 Special Publications, customer directives, and company policies as applicable.
• Audit information systems to ensure compliance with security policies and procedures
• Manage user access and conduct user briefings as required
• Schedule mandatory Information System patching, updating, and scanning based on vulnerabilities and threats or regulatory compliance; maintain the day-to-day security posture and continuous monitoring for all systems
• Investigate classified spills/incident response or other security-related incidents to DCSA and recommend corrective actions
• Apply physical security concepts to maintain current Facility Clearance Level (FCL) and approved safeguarding
• Manage the Access Control/Alarm System in accordance with DoD standards

Must Haves as an ISSM:

• Must possess a U.S. Department of Defense (DoD) Secret security clearance with the ability to obtain Top Secret clearance
• Must be a U.S. Citizen
• 2-4 years’ experience as NISPOM ISSO/ISSM
• Experience with security assessment/hardening tools, i.e., STIGs, SCAP, GPO, NESSUS, etc.
• Possess strong understanding of computer operating systems (Windows and Linux), software and computer hardware
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
• Must be able to initiate communication with management and various government agencies for support and/or compliance requirements
• Knowledgeable in all areas of security (physical, personnel, information, communication, insider threat etc.) specialties, concepts, principles, criteria, requirements, technology, tracking and electronic security practices
• Knowledgeable of NISPOM and DCSA reporting requirements specifically in regard to security incidents and violations

Must have the following certificates, or must be completed within 6 months of hire:

• FSO Program Management for Possessing Facilities Curriculum (IS030.CU),
• ISSM Required Online Training DAAPM - 2.6 Program Risk Management Framework (CS100.CU),
• CompTIA Continuous Monitoring (CS200.16),
• Introduction to the Risk Management Framework (CS124.16),
• Introduction to Industrial Security (IS011.16),
• Introduction to Information Security (IF011.16),
• Introduction to Personnel Security (PS113.16),
• Introduction to Physical Security (PY011.16)

This will “WOW” us if you have the following:

• Active DoD TS/SCI Clearance
• Possess a DoD 8570 IAM-I level professional certification, Security + or CISSP
• Proficient in IA Security specifications such as Risk Management Framework (RMF) and NIST SP 800-53
• Working knowledge of eMASS application/DISS/NBIS

Please apply at careers.ara.com for the Information System Security Manager (ISSM) position.

#LI-AB1