RAND
Corporate Information Systems Security Manager (ISSM)
This job is now closed
Job Description
- Req#: R2667
- Leads the system architecture design planning and applies required technical controls to new and existing systems undergoing upgrades and changes.
- Coordinates internal resources and third parties/vendors for the execution of classified systems projects
- Ensures that all projects are delivered on-time, within scope and within budget.
- Develops project scopes and objectives, involving all relevant stakeholders and ensuring technical feasibility.
- Develops a detailed project plan to track progress using appropriate verification techniques to manage changes in project scope, schedule and costs.
- Performs risk management to minimize project risks.
- Leads the technical implementation and monitoring of the NISPOM & DCSA A&A Process Manual (DAAPM), ICDs, JSIG, NIST 800-171, and RAND’s Security Manual and procedures, and DoD and other applicable government sponsor regulations for classified systems.
- Develops corporate policies to support and enforce DCSA, DISA, ICD/JSIG, and NISPOM standards.
- Enforces compliance with current Security Technical Implementation Guides (STIGs) for all applicable systems.
- Establishes, communicates, and improves the classified Information Systems (IS) Security Program
- Leads and is responsible for the preparation and sustainment for internal self-inspections, DCSA, DISA, DIA and other government Inspections.
- Assesses changes by performing periodic self-inspections, tests and reviews of the classified IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed (leads the effort and ensures that corrective action is taken for all identified findings and vulnerabilities for each site).
- Manages the development of standard computer configurations to meet RAND business needs for classified systems.
- Leads the team by providing the project oversight and technical solutions in the planning, installation, implementation, upgrade, problem determination and resolution involving software programs, operating systems, computers, printers, scanners, etc. for classified systems.
- Establishes and ensures protocols are followed for the investigation(s) and resolution of security incidents.
- Directs other ISSMs, ISSOs and system administrators to ensure audit functions are performed properly and ensures administrative inquiries/investigations into anomalies found during audit trail analysis are initiated/completed.
- Develops and implements the Master System Security Plans (MSSP), Information System Profile, Network System Security Plan (SSP) and addendums for the facility, and reviews other RAND facilities plans for consistency.
- Chairs the RAND classified computer support/configuration control review board.
- Interfaces with and supports clients in the operation and security of the classified systems.
- Experience with routers, switches, servers and laptops/desktops; install applications, set up network infrastructure, apply security controls
- Experience writing Systems Security Plans, and classified system Accreditation packages
- Working knowledge of the DAAPM, NISPOM, ISFO Process Manual, ICDs, JAFAN and associated industrial security regulations, policies, STIGs and laws
- Extensive knowledge of federal government network security processes and procedures
- Strong understanding of operating system (PC, Linux) and audit log aggregator software
- Familiar with encryption technologies, forensics, penetration and vulnerability analysis of various security technologies and information technology security research
- Must have and maintain a DoD 8570 (Information Assurance Workforce) IAM level 2 certification (e.g. GSLC, CISM, or CISSP)
- Must have successfully completed Risk Management Framework (RMF) training course from DCSA
- Must be able to pass a background check
Job Type:
Regular
Corporate Information Systems Security Manager (ISSM)
The Project Manager and Corporate Information Systems Security Manager (ISSM) is the technical lead and is responsible for assigning Information Systems Security Managers (ISSMs) and Information Systems Security Officers (ISSOs) to projects for delivering classified systems projects on time and within budget and scope while also providing oversight of all of RAND Corporation’s Authorization and Accreditation (A&A) requirements which include maintaining policies and procedures, Cyber Operational Readiness Assessment (CORA) and Defense Counterintelligence and Security Agency (DCSA) Security Vulnerability Assessment (SVA) readiness by collaborating with the ISSMs at RAND facilities.
Additionally, the position will ensure that all classified information systems remain accredited, execute required functions as defined by the DCSA A&A Process Manual (DAAPM), National Industrial Security Program Operating Manual (NISPOM), Intelligence Community Directives (ICD)/ Joint Special Access Program (SAP) Implementation Guide (JSIG) standards, and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) in support of the Executive Director, Security & Classified Operations and Chief Security Officer, Security Managers, Facility Security Officers (FSO), and services for individuals within the accredited systems.
Duties
Basic Qualifications
Education
High School Diploma or GED required.
BS/BA degree preferred.
Experience
At least 7 years relevant experience required with a BA/BS degree.
In lieu of BS/BA degree, at least 11 years of relevant experience required.
Location
Santa Monica, Pittsburgh, or Washington D.C.
Security Clearance
Must meet eligibility requirements for access to U.S. government classified information.
Positions Open
One
Salary Range: $117,700 - $179,700
RAND considers a variety of factors when formulating an offer, including but not limited to, the specific role and associated responsibilities; a candidate’s work experience, education/training, skills, expertise; and internal equity. The salary range includes base pay plus RAND’s sabbatic pay (which provides additional compensation above base pay when vacation is taken). In addition, RAND provides strong benefits including health insurance coverage, life and disability insurance, savings plan, paid time-off and more.
Equal Opportunity Employer: race/color/religion/sex/sexual orientation/gender identity/national origin/disability/vet
About the company
RAND Corporation is an American nonprofit global policy think tank created in 1948 by Douglas Aircraft Company to offer research and analysis to the United States Armed Forces.