Senior Information System Security Manager
Herndon, VA
Chameleon Consulting Group
Company Overview
CCG delivers solutions to the most challenging problems our nation faces in cyberspace. We combine extensive cyber tradecraft with a principled, innovative, and asymmetric approach to deliver unparalleled results. Excellence is our standard and mission success is our metric.
Role
As a CCG Senior ISSM, you will be directly embedded with Program Management and Developer Team Leads. Additionally, you will be responsible for driving security innovation and implementation as part of the project as a whole. The role also entails the establishment and maintenance of ATO packages and their associated artifacts. We are looking for a passionate information security professional who flourishes at being in the forefront of new ideas and has a desire to learn and apply automated and cutting-edge practices.
This role will require 5 days a week onsite in Arlington and/or Herndon, Virginia
Responsibilities
- Manage and develop artifacts as part of a Government Authorization to Operate (ATO), supporting classified cloud, CI/CD, and Infrastructure as Code high risk environments.
- Create and update artifacts (i.e. SSP, hardware/software lists, PPSM, SCTM).
- Maintain communication with project management/engineers on the implementation of security controls and policy enforcement.
- Engage with the security control assessor (SCA) from the authorizing official (AO) office, to negotiate the balance of mission needs and cybersecurity.
- Support the maintenance of ATO packages in classified areas.
- Evaluate, develop and/or implement information assurance guidelines and procedures as required.
- Recommend security solution mitigations and enhancements supporting information assurance guidelines and customer requirements.
- Perform vulnerability/risk analysis of computer systems and applications during all phases of the system development life cycle.
- Establish programmatic support plans ensuring the continuing accreditation of mission critical systems.
- Ensure that all information systems meet or exceed compliance requirements.
- Identify, report, and ensure the resolution of security violations.
- Monitor and review the IA needs for classified environments.
Minimum Qualifications
- Active TS Clearance// SCI with ability to obtain Poly
- Current DoDM 8570 IAM Level III Certification
- 8 years of experience working as an ISSM
- Strong program management skills, the ability to communicate with team members and stakeholders clearly and effectively. Ability to implement programmatics and manage multiple systems, ATOs, and mission requirements while maintaining stakeholder expectations.
- Has experience, and is confident in, auditing and performing control assessments on Classified, and Cloud systems.
- Fluent in understanding the Risk Management Framework (RMF)
- Solid understanding of the System Development Life Style (SDLC)
- Exceptional verbal, written, interpersonal and presentation skills, customer relationship building skills, analytical skills and ability to lead/mentor teammates
- Independent and diligent with their assigned work
- Knowledge of government classified contract requirements from an information security perspective
- Experience using scanners (i.e. ACAS, Nessus, SonarQube)
- Demonstrated experience having taken multiple packages from creation to full ATO, and experienced in ISA’s and ATC.
- Must be eligible for employment in the United States
Preferred Qualifications
- Certified Information Systems Security Professional (CISSP)
- Ability to identify needed changes to processes and activities and help to implement continuous improvement solutions
- Experience working with JSIG system ATOs.
- Have experience creating various types of vulnerability and assessment scans with multiple tools
- Experience using eMASS or Xacta
We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: ACAS Audits CI/CD CISSP Clearance Cloud Compliance DoDD 8570 eMASS IAM Nessus Risk analysis Risk management RMF SCTM SDLC SonarQube System Security Plan
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open Sr. Security Engineer jobs
- Open Security Consultant jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs