Information Systems Security Manager RFP
Job Description
This position is contingent upon award.
The Information Systems Security Manager will support cybersecurity in the development of controls applicable to Capital Project design, procurement, and operation phases.
Responsibilities:
Identify information management risks and develop necessary mitigation actions.
Support cybersecurity in the development of cybersecurity controls for operations.
Develop production IT and Cyber systems plans that follow NNSA Defense Programs Business Process Systems (DPBPS) requirements and nuclear security enterprise (NSE) best practices.
Develop production IT and Cyber systems plans that will support the short-term and long-term goals.
Develop production IT and Cyber systems plans that will support production operational technologies (OT) and their associated quality, security and nuclear enterprise assurance (NEA) requirements.
Requirements:
Experience in applying NIST and DOE guidance to IT/Cyber programs. This includes but is not limited to:
NIST SP 800-37 Risk Management Framework for Information Systems and Organizations.
NIST SP 800-82 Guide to Industrial Control Systems (ICS) Security.
NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations.
NIST SP 800-160 Vol. 1 & 2 Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems.
Ability to design, develop, implement, and oversee the cybersecurity controls and response for a Tactical Operations Center (TOC)/Security Operations Center (SOC).
Understanding of classified and unclassified cybersecurity needs and the ability to work with Derivative Classifiers, Records Management, Information Technology, and other data and security related organizations.
Experience managing the implementation of security controls established by applicable contract requirements, U.S. Department of Energy (DOE) directives, NIST guidance, system security plans (SSPs) and supporting policies, plans and procedures.
Experience ensuring plans of action and milestones (POA&Ms) are prepared and completed for program and/or system level cybersecurity deficiencies found during internal and external assessments.
Experience ensuring personnel with cybersecurity responsibilities are trained on cybersecurity requirements, operations, safeguards, and incident handling procedures.
Experience with the identification and documentation of organization-specific threats to information systems and information in coordination with the operations security (OPSEC) program.
Experience providing cybersecurity self-assessments and evaluations.
The ability to obtain a Q clearance is required.
Work in United States
Skills
- Derivative Classifiers
- Records Management
- Information Technology
Company
Company Name
Boston Government Services

