AT&T Global Public Sector is a trusted provider of secure, IP enabled, cloud-based, network solutions and professional services to the Federal Government. We are dedicated to recruiting, developing, and empowering a diverse, high-performing workforce that is passionate about what they do, committed to our shared values, and dedicated to our customers’ mission.
AT&T has an opening for an Information System Security Manager (ISSM) to support a National Security contract. The ISSM is responsible for leading the Information Assurance (IA) team and overseeing compliance as stipulated by various USG requirements including (but not limited to): Director of Central Intelligence Directives (DCID), Intelligence Community Directive (ICD) 503 and associated NIST publications.
The job duties of the Information System Security Manager (ISSM) are as follows:
As an Information Assurance (IA) professional on the contract, the ISSM is responsible for the cybersecurity of the program, organization, system, or enclave. These responsibilities include all RMF deliverables and overall Assessment and Authorization tasks required to maintain Authority to Operate (ATO) for customer assets on contract.
- Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture.
- Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
- Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
- Ensure that security improvement actions are evaluated, validated, and implemented as required.
- Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
- Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.
- Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
- Identify information technology (IT) security program implications of new technologies or technology upgrades.
- Interpret and/or approve security requirements relative to the capabilities of new information technologies.
- Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
- Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency.
- Participate in an information security risk assessment during the Security Assessment and Authorization process.
- Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
- Recognize a possible security violation and take appropriate action to report the incident, as required.
- Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
- Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
- Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
- Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
- Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate. Required to become proficient on the Customer’s Assessment and Authorization tool to track and document the RMF steps.
TS/SCI with poly (#ts/sci) (#polygraph)
- Candidate must have 7 years of experience that can be a combination of work history and education. This equates to:
  - Doctorate and 3 years of experience; OR
  - Masters and 2 years; OR
  - Bachelors and 4 years; OR
  - Associates and 6 years; OR
  - HS and 7 years.
- Must have one of the following certifications to meet the minimum DoD 8570 IAT Level 3 certification requirements:
  - Certified Chief Information Security Officer Certification (CCISO)
  - Certified Cloud Security Professional (CCSP)
  - Certified Information Security Manager (CISM)
  - Certified Information Systems Security Professional (CISSP)
  - Cisco Certified Network Professional Security (CCNP Security)
  - CompTIA Advanced Security Practitioner (CASP+)
  - GIAC Certified Enterprise Defender (GCED)
  - GIAC Certified Incident Handler (GCIH)
  - GIAC Security Expert (GSE)
  - GIAC Security Leadership (GSLC)
  - ISACA Certified Information Systems Auditor (CISA)
  - SCP Security Certified Network Architect (SCNA)
Leadership, soft skills (experience with customer briefings), highly organized, problem solving, and self-motivated.
Ready to join our team? Apply Today!
Job ID 2243788 Date posted 09/20/2022