The Information Security Manager is responsible for developing and managing Information Systems cyber security, including disaster recovery, database protection and software development. Manages IS security analysts to ensure that all applications are functional and secure. The Information Security Manager develops and delivers IS security standards, best practices, architecture and systems to ensure information system security across the enterprise. Implements procedures and methods for auditing and addressing non-compliance with information security standards. Additionally, the Information Security Manager migrates non-compliant environments to compliant environments. Evaluates the organization to ensure compliance with standards and relevance with industry security norms. Requires a bachelor's degree. Typically reports to a director. The Information Security Manager manages subordinate staff in the day-to-day performance of their jobs. True first level manager. Ensures that project/department milestones/goals are met and adhere to approved budgets. Has full authority for personnel actions. To be an Information Security Manager typically requires 5 years of experience in the related area as an individual contributor. 1 - 3 years of supervisory experience may be required. Extensive knowledge of the function and department processes. (Copyright 2024 Salary.com)
The Role:
The Information System Security Manager (ISSM) is responsible for managing the Information Systems (IS) according to the National Industrial Security Program Operating Manual (NISPOM) Rule, and other security directives as required. This is done through the application of information technology security principles, best practices and procedures to develop, implement and manage the overall system security program to support the Facility Security Officer (FSO) and the Aerospace and Defense business unit. As part of a high-performance team, the ISSM will be responsible for managing all security related activities and projects in support of the state-of-the-art initiatives pursued by the Adaptive Computing Group Security Center of Excellence.
The Person:
A successful candidate will develop, implement, manage, and maintain compliance of the Information Systems (IS). They will be empowered to take ownership of the system security program, working cross-functionally across the organization. Continuous improvement must be part of the candidate's DNA. The candidate will find themselves in a highly stimulating and challenging environment working for a world-class microelectronics manufacturer.
Key Responsibilities:
· Ensure Information System (IS) compliance in accordance with the Risk Management Framework (RMF), National Industrial Security Program Operating Manual (NISPOM) Rule, DCSA Assessment and Authorization Process Manual (DAAPM) and Enterprise Mission Assurance Support Service (EMASS).
· Ensure compliance with other policies and procedures that are mandated by other U.S. Government Agencies in support of the Aerospace and Defense Business initiatives.
· Obtain accreditation of IS and maintain compliance through self-inspections, trainings, audits, and documented operating procedures. Maintain and improve upon an IS security education and awareness culture.
· Manage/Handle IS security incidents through a robust incident response strategy, working closely with the FSO.
· Implement security features and audits for the detection of malicious code, viruses, intruders (hackers), and Insider Threats as required.
· Management, training, and education of Information System Security Officer(s) (ISSO) as needed.
· Apply Project Management skills to other initiatives as needed.
Preferred Experience:
· Clearance Required: Active Secret Clearance.
· Ability to complete ISSM training within 6 months of hire if not already completed
· Demonstrated knowledge and usage of the NISPOM Rule, RMF, DAAPM, and EMASS.
· Demonstrated knowledge of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 controls as they are mapped to DoD IS authorizations.
· Experience in managing projects from requirements definition through deployment, identifying schedules, scopes, budget estimations, and implementation plans, including risk mitigation
· Working knowledge of SCAP and STIG Viewer.
· Experience/Knowledge of Windows, UNIX and Linux Operating Systems.
· Highly proficient with productivity software such as Microsoft Word, Excel, Teams, PowerPoint, and Outlook.
· Proven analytical and problem-solving experience.
· Experience operating in DoD Secure Area environments.
· Highly motivated self-starter that can work independently.
· Strong communication skills.
· Professional certification such as PMP preferred but not required.
Academic Credentials:
Bachelor’s degree with a minimum of 5-7 years of experience.