(602) Information Systems Security Manager III

Position Description:

The Information System Security Manager (ISSM) III will support Naval Surface Warfare Center Philadelphia Division (NSWCPD) as a contractor through Arlo Solutions, serving as a key cybersecurity leader for NSWCPD Code 104. This key personnel position is responsible for overseeing and managing information security program implementation within the organization, supporting DoD Information Assessment and Authorization (A&A) process and Risk Management Framework (RMF) services, and ensuring compliance with all NAVSEA, DON, and DoD cybersecurity policies.


Location: (Onsite) Philadelphia, PA

Clearance:  Active Secret

Responsibilities and/or Success Factors:

Cybersecurity Program Management

• Support IT security goals and objectives to reduce overall organizational risk 
• Communicate the value of IT security throughout all levels of organization stakeholders 
• Coordinate with various levels of the organization to oversee information security program implementation 
• Manage cyber strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources 
• Assist with facilitating communication between all RMF stakeholders throughout the RMF process Security Assessment and Authorization 
• Assist with the collection of data needed to meet system cybersecurity reporting requirements 
• Assist with security improvement actions as they are evaluated, validated, and implemented 
• Participate in information security risk assessments during the Security A&A process 
• Assist with identifying security requirements specific to IT systems in all phases of the system life cycle 
• Coordinate with programs to resolve findings identified during internal and external review processes Compliance and Risk Management 
• Assist with cybersecurity inspections, tests, and reviews for the network environment 
• Assist with identifying alternative information security strategies to address organizational security objectives 
• Interpret patterns of noncompliance to determine their impact on risk levels and overall effectiveness of the enterprise's cybersecurity program 
• Track audit findings and recommendations to ensure appropriate mitigation actions are taken 
• Monitor systems for upcoming authorization conditions/stipulations, upcoming or past due POA&M items, and SLCM activities Documentation and Reporting •
• Develop findings reports and recommended corrective actions for identified deficiencies 
• Report system compliance in DON Application and Database Management System (DADMS), Department of Defense Information Technology Portfolio Repository – Department of the Navy (DITPR-DON), and Vulnerability Remediation Asset Manager (VRAM) 
• Assist with Quality Assurance (QA) reviews for RMF package submissions in accordance with NSWCPD and NAVSEA 03 SOP 
• Ensure successful implementation and functionality of security requirements and appropriate IT policies and procedures consistent with the organization's mission and goals 
• Track and respond to Cybersecurity data calls per Government guidance
  
  

Minimum Qualifications Including Certificates:

• Must be a U.S. Citizen 
• Active Secret security clearance 
• Master's degree in computer science, information technology, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university 
• Eight (8) years of experience coordinating with various levels of an organization to oversee and manage information security program implementation 
• Experience managing cyber strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources 
• Must possess one of the following certifications: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP 
• IAM-II certification level 
• Experience with DoD Information Assessment and Authorization (A&A) process and Risk Management Framework (RMF)

Desired Qualifications:

• Experience with enterprise security technologies and tools including eMASS and VRAM 
• Knowledge of NIST Special Publications and DoD cybersecurity instructions 
• Experience with Navy and DoD organizational structures and policies 
• Familiarity with NAVSEA cybersecurity requirements and procedures 
• Experience with vulnerability management and continuous monitoring 
• Demonstrated leadership abilities and strong communication skills