Information Systems Security Manager (ISSM)

Business Technology Integrators (BTI) is seeking an Information Systems Security Manager (ISSM) to lead a team in executing risk management efforts against our customer's inventory of on premise, vendor and cloud-based systems. The successful candidate will provide support in the following areas:

• • Manage Information System Security Officers (ISSO) to support information technology (IT) security goals and objectives and reduce overall organizational risk. • Assist in the execution and management of the House Risk Management Framework (RMF) and advises ISSOs on proper application of House cybersecurity policies and requirements. • Assist senior management in the development and interpretation of information assurance guidelines, policies, regulations etc. • Advise senior management (e.g., Chief Information Security Officer [CISO]) on risk levels and security posture. • Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture. • Conduct independent or coordinated studies to identify, evaluate or recommend solutions to significant systems management problems that are likely to be complex and sensitive in nature. • Ensure that security improvement actions are evaluated, validated, and implemented as required. • Identify alternative information security strategies to address organizational security objectives. • Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program. • Participate in information security risk assessments during the Security Assessment and Authorization process. • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Provide quality assurance reviews of cybersecurity deliverables to ensure consistency, accuracy, and relevancy. • Provide technical and procedural information system advice to risk management team. • Perform quality reviews of security artifacts collected by ISSOs under their purview to ensure quality assessment and authorization (A&A) deliverables are provided. • Assume ISSO responsibilities in the absence of ISSO. • Ensure approved House procedures are followed in the implementation of security controls. • Ensure a record is maintained of all vulnerabilities for existing authorization boundaries. • Advise ISSOs on all matters, technical and otherwise, involving the security of assigned IT systems. • Maintain a working knowledge of system technology, security policies, and security safeguards. • Ensure continuous monitoring of authorization boundaries and implemented security controls is followed. • Provide guidance to ISSOs on mitigation actions for security control deficiencies and scan vulnerabilities for assigned IT systems. • Provide role-based training for assigned ISSOs specific to their roles and responsibilities. • Brief senior management on the status of ISSOs and their assigned projects. • Work with senior leadership to mature risk management processes within the House environment. • Develop and formalize risk management training, specific to the House environment, for varied stakeholder groups. • Conduct assigned technical reviews and risk analyses and develop cybersecurity risk mitigation recommendations and strategies based on threats. • Research and recommend innovative, secure, and (where possible) automated solutions to improve risk management processes and activities. • Participate in the technical security evaluation and assessment of new technologies in support of House of Representatives operations and provide supporting reviews. • Provide audit support to cybersecurity for audit activities and recommendations. • Perform other duties as assigned.

The successful candidate shall possess the following knowledge, skills, and abilities:

• • Minimum of eight (8) years of demonstrated work experience in cybersecurity risk management. • Demonstrated experience managing systems security assessments, reviewing system security documentation for successful security authorization of such systems. • Strong knowledge and expertise with NIST publications. • Demonstrated experience providing quality A&A deliverables. • Proven technical acumen and understanding of common operating systems and network technologies, risk management frameworks, and common security tools and scanners. • Demonstrated understanding of cloud service models, hybrid applications, and mobile security technologies and tools. • Understanding of management, operational and technical cybersecurity principles. • Experience with privacy principles and frameworks is preferred.
• Powered by JazzHR