Information Systems Security Manager (ISSM)

Please review the job details below.

We are currently seeking an Information Assurance Manager (IAM)/Information Systems Security Manager (ISSM). This role is based in our Palo Alto, CA office. In this role, you will be responsible for a portfolio of classified programs covering Collateral, Sensitive Compartmented Information (SCI). You will support information system full life cycle activities including scoping information systems for new programs, preparing accreditation/certification packages in accordance with relevant regulations and standards, maintenance and monitoring of operational systems, system upgrades and feature additions during program execution, and system decommission and de-certification activities.

Responsibilities:

• Responsible for ensuring Information System compliance with the potential to span multiple business areas or programs.
• Ensure system security measures comply with applicable government policies.  Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
• Maintain a thorough understanding of NIST 800-53 controls, and determine which controls are applicable to the application, as well as document implementation in Security Controls Tractability Matrix (SCTM).
• Monitor and resolve Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems.
• Communicate and coordinate Information Systems Security policy across their organization and work with government agencies to obtain rulings, interpretations, and acceptable deviations for compliance with regulations.
• Establish, document, implement, and monitor the IS Security Program and related procedures for the facility and ensure compliance with IS security requirements.
• Prepare and maintain Systems Security Plans (SSP) which accurately reflect the installation and security provisions of the system.
• Ensure that each SSP has been implemented, that the specified security controls are in place and properly tested, and that the IS is functioning as described in the SSP.
• Evaluate proposed changes or additions to the SSP and collaborate with customers for systems approvals.
• Conduct on-going security reviews and tests for information systems to periodically verify that security features and operating controls are functional and effective.
• Ensure that periodic self-inspections of the facility’s IS Program are conducted as part of the overall facility self-inspection program.
• Ensure the development, documentation and presentation of IS security education, awareness, and training activities for facility management, IS personnel, users, and others as appropriate.
• Ensure personnel are trained on the IS’s prescribed security restrictions and safeguards before they are initially allowed to access a system.
• Responsible for reporting compliance metrics to government CSA, Program Management, and Information System Owner.
• Manage, lead and provide security guidance and mentoring to a team of security professionals
• Oversee and coordinate insider threat program activities for assigned information systems in collaboration with the Insider Threat Program Manager.
• Ensure proper media sanitization, destruction, and accountability procedures are followed for classified storage devices and system components throughout the system lifecycle and during decommissioning activities.
• Coordinate security incident response activities for assigned systems, including timely reporting to appropriate government agencies (DCSA, NSA, etc.) and internal stakeholders.
• Oversee physical security integration with IS security requirements, ensuring proper coordination with facility security personnel.
• Manage COMSEC material accountability and cryptographic key management for assigned systems as applicable.
• Ensure compliance with TEMPEST/EMSEC requirements for SCI-level systems as applicable

Minimum Requirements:

• Must be a U.S. citizen with Active TS/SCI clearance and CI Poly

• Experience as an ISSM/ISSO implementing NISPOM Chapter 8, ICD 503, and/or JSIG IS requirements in an SAP/SCI environment
• CISSP and CISM certifications
• Ability to obtain GSLC certification within 6 months of hire
• Bachelor of Science degree
• 8 years of related IT security experience
• Minimum of 2 years related IT or security experience in a classified (SCI) environment
• Hands-on experience with SIEM tools (Splunk, Elastic, or similar) for log analysis and security event correlation
• Knowledge of Information Security or Information technology standards
• Experience with Risk Management Framework (RMF) including participation in assessment and authorization activities
• Experience conducting security audits and vulnerability assessments in operational classified systems
• Department of Defense Directive (DoDD) 8140 / 8570 Certification requirements (CompTIA Security+ CE or equivalent certification)
• Experience coordinating with government assessment teams (DCSA, NSA, Program Security Officers)

Preferred Qualifications:

• Experience with RMF Workflow Management Solutions such as XACTA, EMASS, or Service Now
• Familiarity with implementation of Government directives and policies derived from NIST, CNSSI, ICD, DoD, or other Government Regulatory compliance standards within a professional industry
• Experience with Information Security tools including audit reduction, vulnerability management, change detection, network monitoring, etc. (ACAS, Nessus, HBSS, SPLUNK, RedSeal, Tripwire, DISA SCC and STIG Viewer)
• Experience developing IS security plans, policy and procedures for Local Area Network (LAN) Information Systems and Wide Area Network (WAN) Information systems
• Experience with both Windows and Linux operating environments
• Previous leadership experience
• Experience managing security incidents and coordinating response activities in classified environments
• Knowledge of DevSecOps practices and secure software development lifecycle in classified systems
• Experience with insider threat detection tools and procedures

In support of pay transparency at Lanteris Space Systems, we disclose salary ranges on all U.S. job postings.  The successful candidate’s starting pay will fall within the salary range provided below and is determined based on job-related factors, including, but not limited to, the experience, qualifications, knowledge, skills, geographic work location, and market conditions. Candidates with the minimum necessary experience, qualifications, knowledge, and skillsets for the position should not expect to receive the upper end of the pay range.

● The base pay for this position within California is: $123,000.00 - $205,000.00 annually.

For all other states, we use geographic cost of labor as an input to develop market-driven ranges for our roles, and as such, each location where we hire may have a different range.

We offer a comprehensive package of benefits including paid time off, health and welfare insurance, and 401(k) to eligible employees. More information on our benefits will be shared with candidates as they move forward in the recruitment process.

Additionally, this position is incentive eligible with a target based on contribution, company performance, and/or individual results achieved; the specific incentive plan and target amount will be determined based on the role and breadth of contributions.

The application window is three days from the date the job is posted and will remain posted until a qualified candidate has been identified for hire.  If the job is reposted regardless of reason, it will remain posted three days from the date the job is reposted and will remain reposted until a qualified candidate has been identified for hire. 

The date of posting can be found on the Lanteris Space Systems Career page at the top of each job posting.

To apply, submit your application via the Lanteris Space Systems Career page.

Lanteris Space Systems values diversity in the workplace and is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.