Information System Security Manager (ISSM)

Raytheon-Rafael Area Protection Systems (R2S), a dynamic and fast-growing joint venture between Raytheon and Rafael, is seeking a results-driven Information System Security Manager (ISSM) to support execution of major defense programs—most notably the Iron Dome AUR production, Marine Corp Medium Range Intercept (MRIC) and future Air Defense systems.

The R2S Information Systems Security Manager (ISSM) is responsible for compliance oversight, assessment, and operations of systems under their purview. They will be assigned responsibility under multiple programs and will shape and enforce the overall information security compliance posture across both unclassified and classified systems. The R2S ISSM will also be responsible for all collateral Classified Information System (CIS) within R2S to include any systems located remotely at the Arlington HQ as well as at the Camden Manufacturing Site per Commercial and Government Entity (CAGE) code.

The ISSM will conduct recurring unclassified and classified Cybersecurity reviews on information systems in accordance with DoD Manuals, NIST Special Publications, customer directives, and company policies as applicable (see list below for further details**) to include all cybersecurity audits required by these publications and those performed as a best practice.

Duties:

· Complete all DCSA and R2S required training within 6 months of appointment (annual requirements thereafter).

· Accountability for all systems under site CAGE: metrics, eMASS, Continuous Monitoring (ConMon), and in-house system for unclassified system tracking

· Maintaining a working knowledge of all CIS functions, security policies, technical security safeguards, and operational security measures.

· Author and maintain security policies and procedures as required, to include conducting required training for the company.

· Interactions with DCSA SCA/ISSP to track items including, but not limited to, upcoming authorizations (ATO), new technologies solutions (i.e., new SIEM, OS, etc.), policy interpretations), and onsite A&A.

· Developing, maintaining, and updating, in coordination with all system stakeholders (CS Manager, ISO, DT, etc.), applicable site POAM(s) to identify system weaknesses, mitigating actions, resources, and timelines for corrective actions.

· Coordinating DCSA Security Reviews (SR) preparation activities for assigned CAGE in conjunction with site FSO/CS Manager.

· Collaborate with Digital Technology Lead for support to unclassified digital technology maintenance, administration, and security.

· Collaborate with the R2S FSO on maintaining a unified and coherent security architecture

· Collaborate with team members to ensure all budgetary and resource requirements are being appropriately planned for all activities

Qualifications:

· Typically require a Bachelor’s degree with eight (8) years of relevant cybersecurity, network security, and/or information technology experience or an advanced with five (5) years of relevant experience as described below.

· Ability to operate the single point-of-contact and SME for information security within R2S

Experience supporting cybersecurity compliance as stipulated by the DAAG, Joint SAP Implementation Guide (JSIG), NISPOM regulations, CMMC L2 requirements, and NIST Controls

· IAM Level II certification DoD 8140 (8570) must be obtained within six months of hire.

· Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance.

Relevant Experience Considered:

· Cybersecurity, systems security and hardening

· Compliance-based auditing using the Risk Management Framework (RMF)

· Experience working with and/or supporting computer technologies (such as: databases, operating systems, computer network hardware, software programs, hardware troubleshooting or electronics)

· Project or program management, office management, senior administration, or account management

Preferred Qualifications:

· Master’s Degree in Computer Science, Information Systems, Information Technology, Cyber Security, or other relevant degree

· Experience with various information system security tools that address vulnerability analysis and mitigation. These may include Splunk, Forcepoint, Ivanti, Tenable, ACAS, HBSS, etc.

· Experience working with U.S. defense prime contractors

· Experience in the oversight and execution of the Assessment & Authorization processes (Certification & Accreditation), as defined in DAAG/JSIG/RMF/NIST

· Experience in the execution and management of Information System’s (IS) incident response.

· Experience in and execution of a continuous monitoring/improvement program

· Experience providing technical security expertise and oversight for complex, cross-domain, heterogeneous classified networked environments in collaboration with internal/external Customers, Information Technology (IT)

· Experience with any of the following: NISPOM, JAFAN 6/3, DCID 6/3, JSIG/RMF, and ICD-503, NIST or equivalent requirements to include technical computer/network system auditing

· Experience in professional engagements with internal and external customers