Information Security Risk Manager Jobs in Colorado

The ISSMs primary function serves as a principal advisor on all matters, technical and otherwise, involving the security of information systems under their purview. The position will provide day-to-day support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.

Performance shall include:

• Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures.

• Develop and oversee operational information systems security implementation policy and guidelines of network security, based upon the Risk Management Framework (RMF) with emphasize on Joint.

• Special Access Program Implementation Guide (JSIG) authorization process.

• Advise customer on Risk Management Framework (RMF) assessment and authorization issues.

• Perform risk assessments and make recommendations to DoD agency customers.

• Advise government program managers on security testing methodologies and processes.

• Evaluate authorization documentation and provide written recommendations for authorization to government PMs.

• Develop and maintain a formal Information Systems Security Program.

• Ensure that all IAOs, network administrators, and other cyber security personnel receive the necessary technical and security training to carry out their duties.

• Develop, review, endorse, and recommend action by the AO or DAO of system assessment documentation.

• Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media.

• Develop and execute security assessment plans that include verification that the features and assurances required for each protection level functioning.

• Maintain and/or applicable repository for all system authorization documentation and modifications.

• Institute and implement a Configuration Control Board (CCB) charter.

• Develop policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents.

• Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system.

• Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling requirements.

• Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local cyber security training.

• Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed.

• Assess changes in the system, its environment, and operational needs that could affect the authorization.

• Ensure that authorization is accomplished a valid Authorization determination has been given for all authorization boundaries under your purview.

• Review AIS assessment plans.

• Coordinate with PSO or cognizant security official on approval of external information systems (e.g., guest systems, interconnected system with another organization)

• Conduct periodic assessments of the security posture of the authorization boundaries.

• Ensure configuration management (CM) for security-relevant changes to software, hardware, and firmware and that they are properly documented.

• Ensure periodic testing is conducted to evaluate the security posture of IS by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs)

• Ensure that system recovery and reconstitution processes developed and monitored to ensure that the authorization boundary can be recovered based on its availability level determination.

• Ensure all authorization documentation is current and accessible to properly authorized individuals.

• Ensure that system security requirements are addressed during all phases of the system life cycle.

• Develop Assured File Transfers (AFT) on accordance with the JSIG.

• Participate in self-inspections.

• Conduct the duties of the Information System Security Officer (ISSO) if one is not present and/or available.

Experience:

• 5+ years related experience.

• Prior performance in roles such as ISSO or ISSM.

• SAP experience desired

Education:

• Bachelors degree OR Associates degree in a related area + 2 years experience OR equivalent experience (4 years)

Certifications:

• IAT Level II (Security+ CE, CCNA Security, etc.) or IAM Level II - within 6 months of hire

Security Clearance:

• TS with ability to obtain TS/SCI prior to start, and willingness to submit to a CI polygraph.

Other Requirements:

• Must having working knowledge of DoD, National and applicable service and agency security policy, manuals and standards

• Must be able to regularly lift up to 50lbs.