
Information Systems Security Manager

CTR Corporation
Location: Newport News, VA, USA
Published: 6/14/2022
Technology
Full Time

Job Description

CTR Group is seeking an Information Systems Security Manager for a company specializing in Aerospace Research & Development and Testing in the Newport News, VA area.

EXCELLENT SALARY RANGE and benefits.

SUMMARY:

This position is responsible for ensuring all systems comply with NIST 800-171, CMMC, and various security-related system controls while meeting program demands and operating in an accredited state. Establish compliance framework, work collaboratively with team and vendors in all aspects of SSP development, maintenance, accreditation/re-accreditation, and oversight, including conducting periodic reviews to ensure compliance.

  • Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Capture all supporting activities and evidence needed for the various compliance frameworks. Provide guidance and input to vendor inquiries and questionnaires.
  • Work with partners to perform cyber defense trend analysis and reporting on a regular basis. Working with our security partners, ensure event correlation is being done using information gathered from a variety of sources within the company to gain situational awareness and determine the effectiveness of an observed attack. Work with vendor to perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy. Facilitate vulnerability assessments and remediation activities.
  • Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity. Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings). Assess adequate access controls based on principles of least privilege and need-to-know. Work with stakeholders to resolve computer security incidents and vulnerability compliance.
  • Lead Disaster Recovery and Business Continuity Plans. Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network. Ensure data protection policies are enabled and enforced.
  • Perform security reviews and develop a security risk management plan. Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change. Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks. Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.

Preferred Education / Experience:

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems Management, Management Information Technology or related discipline
  • 7+ years of experience in cybersecurity and/or systems security; or
  • A combination of education and experience equivalent to above
  • The ability to obtain and maintain a US security clearance (U.S. citizenship is required)
  • A Certified Information Systems Security Professional (CISSP) is required.
  • CMMC Level 2 certification preferred.

Preferred Knowledge / Ability:

  • Solid understanding of security protocols, cryptography, authentication, authorization, identity management, and information security
  • Experience implementing NIST 800-171, CMMC, NISPOM, ICD and/or ODAA Process Manual requirements
  • In-depth knowledge of the Risk Management Framework (RMF) and Security Technical Implementation Guides (STIGs)
  • Experience with NIST 800-53 Security Controls, NISPOM Technical Baseline, ICD 503, and JSIG requirements/programs
  • Motivated self-starter with the ability to work well in a team setting
  • Outstanding work ethic and commitment to organizational success
  • Excellent communication skills (written, verbal, & presentation) with a strong attention to detail
  • Experience with Windows, Windows Server, Active Directory, Group Policy, VMware, and Cisco networking
  • Technical knowledge of Linux and UNIX-based platforms preferred
  • Ability to handle multiple tasks in a fast-paced environment
  • Ability to quickly adapt and change priorities while professionally managing interruptions
  • Must be highly organized and able to meet assigned deadlines

CTR Group has been a leader in its industry for over 35 years and is rated highly on Google, Indeed and Facebook for being a great company to work for. If you enjoy being a part of a great team, apply today and check out our website for more information.

CTR Group is an equal employment opportunity employer. Candidates are selected based on qualifications and defined requirements of the job, not on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin or any other protected status. Further, CTR Group encourages United States' Veterans and persons with disabilities to apply for positions for which they are qualified.

Company Description

CTR Group is a full-service employment & recruiting firm, matching the strengths and skills of thousands of candidates with employers. http://jobs.ctrc.com
