ESP seeks an ISSM for our Orlando, FL office. The ISSM is responsible for the Cybersecurity/Risk Management Framework (RMF) posture of classified programs in accordance with government directives and program requirements. In this position, the ISSM interfaces and collaborates with other Information Assurance (IA) professionals, Security professionals, System Administrators, ESP Site Managers, the engineering community, and government customers on compliance and configuration change management.
- The ISSM is responsible for the Information Assurance (IA) program as stipulated by various US Government requirements including: National Industrial Security Operating Manual (NISPOM), DSS Authorization and Assessment Process Manual (DAAPM), and the Joint Special Access Implementation Guide (JSIG)
- Monitor cybersecurity compliance by performing periodic self-inspections, tests and reviews of information systems to ensure that workstations/servers are operating as authorized/accredited and that conditions have not changed
- Develop corrective solutions and maintain associated documentation (to include required reports) as appropriate
- Coordinate with program/project stakeholders, IA staff, the Facility Security Officer (FSO), Contractor Program Security Officers (CPSOs) and other Security and IT team members to define, implement and maintain an acceptable information systems security posture
- Prepare and maintain security Assessment and Authorization documentation (e.g., IA Standard Operating Procedures (SOP), SSP, MSSP, RAR, SCTM)
- Maintain day-to-day security posture and continuous monitoring of IS including security event log review and analysis.
- Ensure system security measures comply with applicable government policies, provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
- Maintain a thorough understanding of NIST 800-53 controls, determine the controls applicable to the application, and document their implementation in the Security Controls Traceability Matrix (SCTM).
- US Citizen
- Knowledge and experience with assessment and authorization requirements as outlined in the NISPOM Chapter 8, DAAPM, RMF, ICD 503, JSIG, NIST RMF & STIG and other USG IS/Security-related policies
- DoD 8570 IAM Level III certification (CISA, CISM, CISSP, etc.) or the ability to obtain one within 6 months of being hired
- Currently holds an active DoD Secret clearance
- Experience with configuration/certification and auditing/analysis of Windows/Linux operating systems and system virtualization in peer-to-peer, LAN & WAN networks
- Excellent communication skills
- Demonstrated strong critical thinking and problem-solving skills
- Detail oriented and self-motivated
- Ability to effectively prioritize multiple projects
- Ability to work with people in a team environment and deal effectively with changing project priorities
- Candidate must have demonstrated professional customer service skills
- Four (4) to six (6) years' experience as an ISSM implementing NISPOM Chapter 8, DAAPM, ICD 503 and/or JSIG IS requirements
- Experience with Windows/Linux or similar operating environments
ESP is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, national origin, disability, veteran status and other protected characteristics.