Cybersecurity Information System Security Manager (ISSM), Senior

Thank you for your interest in Torch Technologies. We're an award-winning, 100% employee-owned company based in Huntsville, Alabama. Recognized as a top 100 defense company, we're dedicated to supporting our nation's military. Our guiding principle, "Lighting the Pathway of Freedom," reflects our commitment to excellence, cooperation, integrity, and reliability. As a Certified Evergreen ESOP, our dedication is to continuously develop and maintain our company's success for the next century, securing a prosperous future for our employee-owners for generations to come. Join Torch and be a part of shaping the future!

Job Title

Cybersecurity Information System Security Manager (ISSM), Senior

Location

Texas - San Anton Randolph AFB - San Antonio, TX US (Primary)

Job Description

Torch Technologies is seeking a Cybersecurity Information System Security Manager (ISSM) (Senior) to join a team that conducts advanced planning to achieve/maintain Authority to Operate (ATO) for systems assigned to the Air Force Human Resources Systems Division. This includes performing reviews and monitoring of Risk Management Framework (RMF) packages and oversight of 30K+ Common Control Indictors from the assessment of 4.8K Security Technical Implementation Guide checklist items, as outlined in the National Institute of Standards and Technology special publications, to ensure confidentiality, integrity, and availability of IT systems. This person will be responsible for accomplishing the 6-Step RMF process, developing test scripts, answering RMF controls in the Enterprise Mission Assurance Support Service (eMASS), developing security documentation, and other activities required to obtain an ATO for assigned systems. This position supports the AFLCMC/GB Business and Enterprise Systems Directorate (BES)/GBH Human Resources Systems Division at Randolph AFB, TX.

Responsibilities:

This position requires a highly motivated individual with experience in ensuring the appropriate operational security posture is maintained for the assigned IT. This includes the following related to maintaining situational awareness and initiating actions to improve or restore cybersecurity posture:

• Reviews and monitors security controls required to obtain an Authority to Operate (ATO) for assigned systems.
• Completes and maintains required cybersecurity certification IAW AFMAN 17-1303.
• Implements and enforces all AF cybersecurity policies, procedures, and countermeasures.
• Ensures all users have the requisite security clearances and need-to-know, complete annual cybersecurity training, and are aware of their responsibilities before being granted access to the IT according to AFMAN 17-1301;
• Maintains all authorized user access control documentation IAW the applicable AF Records Information Management System.
• Ensures software, hardware, and firmware complies with appropriate security configuration guidelines, e.g., security technical implementation guides/security requirement guides.
• Ensures proper configuration management procedures are followed prior to implementation and contingent upon necessary approval.
• Coordinates changes or modifications with the system-level ISSM, SCA, and/or the Wing Cybersecurity office; and,
• Reports security incidents or vulnerabilities to the system-level ISSM and wing cybersecurity office according to AFI 17-203, Cyber Incident Handling.

ESSENTIAL DUTIES/POSITION DESCRIPTION:

The successful candidate will provide the PMO/Capability Development Manager (CDM) cybersecurity support per DoDI 8500.01. Support includes assessing and continuously monitoring cybersecurity risk ensuring that legacy and new capabilities adhere to enterprise standards such as Risk Management Framework (RMF), Cybersecurity Framework (CSF), and National Institute of Standards and Technology (NIST) and per Authorization Official's Information System's Continuous Monitoring (ISCM) strategy.

This position requires a highly motivated individual with ISSM experience to include the below job duties:

• Ensures the integration of cybersecurity into, and throughout the lifecycle of the IT, on behalf of the AO and in accordance with DoDI 8510.01 for the following:
• Completes and maintains required cybersecurity certification IAW AFMAN 17-1303;
• Ensures all AF IT cybersecurity-related documentation is current and accessible to properly authorized individuals;
• Supports the PM or ISO in maintaining current authorization to operate, approval to connect (if required), and implementing corrective actions identified in the plan of actions and milestones;
• Coordinates, with the PM and AO staffs, development of an ISCM strategy and monitors any proposed or actual changes to the system and its environment;
• Continuously monitors the IT and environment for security-relevant events;
• Assesses proposed configuration changes for potential impact to the cybersecurity posture
• Assesses the quality of security controls implementation against performance indicators;
• Ensures cybersecurity-related events or configuration changes that impact AF IT authorization or adversely impact the security posture are formally reported to the AO and other affected parties, such as IOs, stewards, and AOs of interconnected IT;
• Ensures all ISSOs and privileged users receive necessary technical training and obtain cybersecurity certification IAW AFMAN 17-1301, Computer Security (COMPUSEC), AFMAN 17-1303, and maintain proper clearances IAW DoDI 8500.01; and,
• Ensures the AF IT is acquired, documented, operated, used, maintained, and disposed of properly IAW DoDI 5000.02 and DoDI 8510.01.

Job Requirements

Required Qualifications:

• Education
  
  
  
  • Master's or Doctorate Degree in a related field and 10 years of experience in the respective technical/professional discipline being performed, 5 years of which must be in the DoD.
  • OR Bachelor's Degree in a related field and 12 years of experience in the respective technical/professional discipline being performed, 5 of which must be in the DoD.
  • OR 15 years of directly related experience with proper certifications as described in the PWS labor category performance requirements, 8 of which must be in the DoD.
  
  
  
  
• Specific Work Experience
  
  
  
  • Extensive knowledge and proficiency with the Risk Management Framework (RMF) and in accomplishing the 6-steps of the RMF process
  • Experience with developing test scripts and answering security controls in eMASS
  • Expert knowledge and proficiency with Cybersecurity best practices
  • Expert knowledge and understanding of Federal and DoD Cybersecurity regulations and policies
  • Experience with the implementation of new IT/Business System technologies to include but not limited to Cloud Infrastructure and Enterprise Resource and Planning (ERP) systems.
  • Must have experience with NIST SP 800-53 Security controls and the understanding of control implementations.
  • Must be willing to learn and use cybersecurity testing tools.
  
  
  
  
• Certifications
  
  
  
  • At a minimum, the successful candidate will meet the requirements IAW the DoD Cyber Workforce Framework (DCWF) foundational requirements to obtain and sustain a cybersecurity certification In accordance with DAFMAN 17-1305 DAF Cyberspace Worforce Management Program and must have and maintain one of the following Advanced ISSM certifications:
    
    
    
    • Certified Information Security Manager (CISM by ISACA) (Preferred)
    • Certified Information System Security Professional (CISSP by ISC2) (Preferred)
    • Certified Information Systems Security Officer (CISSO by UAT)
    • Federal IT Security Professional-Manager-NG (FITSP-M by FITSI)
    • GIAC Certified Incident Handler (GCHI by GIAC)
    • GIAC Certified Intrusion Analyst (GCIA by GIAC)
    • GIAC Cloud Security Automation (GCSA by GIAC)
    • GIAC Security Leadership Certification (GSLC by GIAC)
    • Global Industrial Cyber Security Professional (GICSP by GIAC)
    
    
    
    
  
  
  
  
• Security Clearance
  
  
  
  • Ability to obtain and maintain a DoD Secret Security Clearance.
  
  
  
  
• U.S. Citizenship required.

Preferred Qualifications:

• The following skills are highly desirable but not required for this position:
  
  
  
  • Agile principles, methodologies, and enabling technologies, e.g., CheckMarx, SonarQube, Fortify, Jira, Confluence, Kanban, Scrum, Jira, Jenkins, and Bitbucket.
  
  
  
  

U.S. Citizenship Required for this Position: Yes

Job Type: Regular

Security Clearance: Secret

Schedule: M-F; 8-5

Work Location: Randolph AFB, Texas

Travel: Yes, 0-10%

Relocation Assistance Available: No

Position Contingent Upon Award of Contract: No

Benefits:

Torch Technologies is proud to offer a stable and professional work environment, a competitive salary, and an excellent, comprehensive benefit package including: ESOP participation, 401(k) match and safe-harbor contribution, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, Health Saving Accounts and Health Reimbursement Accounts, EAP, education assistance, paid time off, and holidays.

Applying to Torch Technologies:

Only those candidates invited for an interview will be contacted. Employment at Torch Technologies is contingent upon the successful completion of a comprehensive background check.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, citizenship, ancestry, marital status, protected veteran status, disability status or any other status protected by federal, state, or local law. Torch Technologies, Inc. participates in E-Verify.

#LI-EW1

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access https://torchtechnologies.hua.hrsmart.com/ats as a result of your disability. You can request reasonable accommodations by sending an email to HR@torchtechnologies.com. Thank you for your interest in Torch Technologies.