Information Systems Security Manager

Who are we?

MIT Lincoln Laboratory is a Federally Funded Research and Development Center (FFRDC) whose mission is research in support of National Security.

• Mission - The Security Services Department’s (SSD) overall mission is to identify and counter cybersecurity security threats to the MIT Lincoln Laboratory’s mission of development of game-changing technology in support of national security, including guarding against compromise by foreign intelligence agencies and insider threats.
  * Culture – We foster an inclusive, opportunity-filled environment of empowered team members from diverse backgrounds.

What will you do?

As a SP Cybersecurity ISSM, you will provide expert management of all information security support to several independent Laboratory programs. You will serve as the primary focal point for all cybersecurity matters and have an in-depth knowledge of computer security principles, practices, and procedures in order to execute a comprehensive Information Security program to meet both internal and external requirements. Core responsibilities include:

• Lead and provide direct supervision to assigned Information Systems Security Officers (ISSO)
  * Ensures work is prioritized consistently with work group and organization goals and objectives
  * Develop and maintain multiple System Security Plans (SSP) based on the Joint SAP implementation Guide (JSIG); ensuring systems are operated, maintained, and disposed of according to the approved SSP
  * Conduct security compliance audits and perform security vulnerability assessments on Laboratory information systems
  * Establish and maintain configuration management policies and procedures
  * Ensure users and ISSOs are subject to an effective information security education, training, and awareness program
  * Implement and test IT security policies/procedures as part of a fully integrated IT security program
  * Coordinate and participate in the investigation and mitigation of information system incidents
  * Assume ISSO responsibilities in the absence of the ISSO and respond to off-hour emergencies as needed
  * Recommend and manage budget and other resource allocations required to securely operate and maintain an organization's cybersecurity requirements
  * Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to key stake holders
  * Recognize a possible security violation and take appropriate action to report the incident, as required
  * Assist the Program Managers in the development and maintenance of System Security Plans (SSP) and associated artifacts such as the Plan of Action & Milestones (POA&M), Risk Assessment Report, and Continuous Monitoring Strategy
  * Lead and align information technology (IT) security priorities with the security strategy
  * Prepare for and participate in periodic organization compliance assessments
  * Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program
  * Achieve a passing score on all government inspections

How will you grow?

You will find significant opportunities to do meaningful work in an environment intentionally designed to be one where you will learn, thrive and belong.
* Leadership: Room to advance on your team or to lead cross-functional projects.
* Growth Opportunities: Potential for lateral and vertical movement.
* Education/Training: Management training, mentorship, in-house and external courses.
* Exposure: Engagement with sponsors, stakeholders, Laboratory leadership and other Departments and Divisions.
* Community: Participation is encouraged for Laboratory social events, Employee Resource Groups (ERGs), clubs and study groups, volunteering and community service projects.

What you need/Requirements:

To work with MITLL, all employees must meet certain basic requirements.

* Active Top-Secret clearance with SCI eligibility

* Must be a U.S. Citizen

* Education: BS degree in Computer Science, Information Technology, Computer Information Systems, or related field

* Experience: Minimum of six (6) years’ experience within DoD cybersecurity, Special Access Programs (SAP), and Sensitive Compartmented Information (SCI) Programs

* Leadership: Demonstrated capability in leading cross-functional teams and presenting ideas both in writing and orally within a collaborative team environment

* Certification: Possess a DoD 8570.01-M IAM III baseline certification (e.g., CompTIA Security+) or ability to obtain within 6 months of hire

* Security Frameworks: Demonstrated understanding of:

• NIST 800-53
• Risk Management Framework (RMF)
• Joint SAP Implementation Guide (JSIG)
• Intelligence Community Directive (ICD) 503
• National Industrial Security Program Operating Manual (NISPOM) Chapter 8
• DoD Manual 5205.07 Volumes 1–4

*Technical Knowledge: Experienced in auditing, configuration, and vulnerability management

*Operating Systems: Experience with multiple OS environments such as Windows Server (2012, 2016, 2019, 2022), Windows 10/11, Red Hat Enterprise Linux, Ubuntu, and MacOS

*Vulnerability Tools: Demonstrated experience with vulnerability scanning and auditing tools and processes

*Communication: Excellent written and verbal communication skills

Ideally, you will have:

The Laboratory values experiences from diverse backgrounds and occupations. The most successful candidates will have the following skills and qualifications.

• Technical experience, coursework toward an undergraduate degree, or industry IT certifications may be considered in lieu of formal education or DoD security experience requirements

• Experience with virtualization and cloud technologies

• Ability to integrate information security requirements into the acquisition process, including baseline security controls, robust software quality processes, and multiple delivery routes for critical system elements

• Technical experience securing networks and systems utilizing DISA STIGs and/or SRGs (highly desired)