Information Systems Security Manager (work from home office available)

Total Resource Management, Alexandria, VA
  • Posted: over a month ago
  • $90,000 to $100,000 Yearly
  • Full-Time
  • Benefits: 401k, dental, life insurance, medical
Job Description

Position Description:

The Information Systems Security Manager (ISSM), as part of a larger team, will play a key role in managing and overseeing Certification & Accreditation (C&A) activities and stakeholder engagement in support of TRM’s cloud practice (Commercial and FedRAMP).

A work-from-home option is available, provided that your home office accommodations are deemed adequate and your home office is physically based in the USA (any of the 50 states).

The work is fast-paced, exciting, and full of opportunity for members of this team to truly make a difference. There's a tremendous opportunity to work and collaborate with highly talented people, processes, and cutting-edge technology.

Job Responsibilities:

  • Work effectively with the internal operations team, cloud clients, cloud partners, and third-party auditors to maintain certification and accreditation (C&A) compliance as it relates to ISO, SSAE, and FedRAMP.

  • Maintain day-to-day security posture and continuous monitoring of Cloud Service Offerings (CSOs) including security event log review and analysis.

  • Ensure system security measures comply with applicable C&A policies.

  • Maintain a thorough understanding of NIST 800-53 controls, and determine which controls are applicable to C&A compliance.

  • Provide support to the Information Systems Security Officer (ISSO), Authorizing Official (AO), and System Owner for maintaining an appropriate operational information assurance (IA) posture for the CSOs.

  • Conduct reviews and technical inspections (as prescribed by the ISSO) to identify and mitigate potential security weaknesses and ensure that all security features applied to the CSOs are implemented and functional.

  • Assist the ISSO and operations teams (DevOps and SecOps) in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities.

  • Maintain System Security Plan (SSP) and associated artifacts.

  • Oversee security-related continuous monitoring activities (e.g., PENTEST, IDS, IPS, Nessus, SIEM) to remediate any security findings, and to support SOC, ISO, auditing and reporting.

  • Participate in, execute, and document the reports for DR testing/validation exercises.

  • Assist in the development, updating, and ongoing refinement of policies, procedures, and processes that support and secure the CSOs.


Required Skills, Experience, Education and Credentials:

  • Must be U.S. citizen

  • Must be able to obtain background security clearance as required by SaaS cloud clients

  • B.S. in Computer Science, Engineering, MIS, or equivalent

  • Experience as an ISSM with 3+ years of experience in Security Operations and Administration

  • Technical and analytical writing skills required

  • Strong communication and organizational skills required

  • Must be able to multitask and work independently while contributing and working effectively towards team objectives


Desired (Not Required) Skills, Experience, Education and Credentials:

  • Certifications in the area of Security Operations such as but not limited to PMP, Security+, SSCP, CASP+, CISA, or CISSP.

  • Experience in the information security/assurance planning, design, implementation, administration, continuous monitoring, and operational support of large-scale enterprise cloud systems

  • Experience in the FedRAMP authorization framework or similar C&A frameworks (e.g. Risk Management Framework)

  • General/conceptual knowledge of server operating systems (Linux and Windows), Routers, Switches, Firewalls, VPN, Load Balancers, Virtualization (hypervisors, virtual machines, provisioning), Enterprise Backup/Recovery, DR/COOP, High Availability, DNS, LDAP, SSO, SSL, FTP, Web Services

  • General/conceptual knowledge of infrastructure and system monitoring tools, with the ability to instrument them effectively to enable alerting and reporting in support of availability and performance SLAs; QRadar experience highly desirable

  • Experience with Cloud Service Providers responsible for products and services involving IaaS, PaaS, and SaaS

  • General/conceptual knowledge of security-related activities involving system/network hardening, PENTEST, IDS, Nessus scanning, Identity Management, SIEM, SOC/ISO reporting

  • General/conceptual knowledge of performing and analyzing vulnerability scanning and compliance (CIS-based) scanning, and remediating identified risks per vulnerability management policies and procedures

  • General/conceptual knowledge of Maximo software

  • General/conceptual knowledge of TRIRIGA software

  • General/conceptual knowledge of WebSphere, DB2, and Oracle


Miscellaneous Issues

  • Must be willing to travel as required. Anticipated travel is less than 25%.

  • Must be willing to support teleconferences, web conferences, and/or any work activity across all time zones as required/requested

Company Description

Total Resource Management

Why Work Here?

Great benefits, great people, and exciting work!


5695 King Centre Drive
Alexandria, VA

