Cyber Security, Information Systems Security Manager (ISSM)

Job Description
Information systems critical to national security at one of the leading companies in Aerospace and Defense. Develop your Information Assurance (IA) career through hands on application, work with seasoned professionals, and a training and development plan designed to grow your skills in a fast paced, team-based environment.

This position will be located in Mt. Laurel, NJ. The qualified candidate will become part of BAE Systems, working with a highly complex computer system critical to the defense of the United States. As part of our team the successful candidate will support the US Navy's Aegis Combat System (ACS) research and development, shipboard ACS modernization efforts, new construction, and Fleet support efforts. Aegis is the Navy's premiere computer suite in detection, managing, command & control, directing sensors and putting weapons on target.

This is a hands-on technical role where you will be working on daily cyber security tasks most of your day while leading a team of Cyber Security personnel.

In this Cyber Security, Information Systems Security Manager (ISSM) opportunity you will make impacts in the following ways:

• Support adherence to all aspects of a rigorous Risk Management Framework (RMF) compliance program as stipulated by NISPOM/DAAPM, JSIG, ICD 503, STIGs and associated NIST publications.
• Obtain and maintain Authority to Operate (ATO) approvals for various systems by adhering to the Risk Management Framework (RMF).
• Support cybersecurity efforts throughout the RMF process for one or more assigned programs(s) to include the development and management of System Security documentation, Plans of Action and Milestones (POA&Ms), assessing and auditing systems security controls, and continuous monitoring of controls.
• Provide oversight for all classified systems compliance, and ensure the execution of our strong self-inspection program.
• Ensure all security certification and accreditation documents in relation to all classified systems are up-to-date.
• Ensure continuous monitoring (e.g. weekly, monthly, etc.) in accordance with cognizant security authority requirements are being implemented and met.
• Coordinate security-related activities with information security architects, senior information security officers, information system owners, common control providers, and information system security officers
• Run and maintain the entire information assurance program for more complex efforts or area
• Translate operational requirements into technical requirements and architectures needed to meet program objectives
• Employ best practices when implementing security controls within an information system including; software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques

Because of the need for consistent, in-person collaboration and/or the requirement to perform all work onsite due to the nature of this particular role, it will be performed full-time on site. This means work will be conducted on location at a BAE Systems facility 100% of the time.

Required Education, Experience, & Skills

• Minimum >10 years' Cybersecurity Policy & Strategic Planning.
• Atleast an Associate Degree from accredited University
• CNSSI 4011-Information Systems Security (INFOSEC) Professionals, CIN J-3B-0440 IP BASIC, CompTIA Security+
• Per Cyber IT/CSWF Workforce: NAVEDTRA 43360-2 - Information Professional (IP) Basic
• Secret Clearance Eligible. Must currently possess and maintain or be able to obtain and maintain an adjudicated Tier Five Background Investigation.
• Experience with Cyber Operational Readiness Assessment (CORA)
• High level of personal motivation and initiative to learn and acquire new skills, and adapt seamlessly to an ever-changing security environment
• Customer focused, excellent communicator and ability to work with limited supervision.
• Strong organizational skills
• Able to interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), program personnel and government security representatives.
• Experience with the development of core documentation including System Security Plans, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, and Configuration Management Plans.
• Experience with the review and creation of mitigation reports from compliance and vulnerability scanning tools (Nessus, SCAP, ACAS, SCC).
• Experience with auditing and certifying compliance of various systems (Windows, Linux, Network Devices and peripherals).
• Experience with development and delivery of IA-related briefings and training material.
• Experience with compliance and vulnerability scanning tools (Nessus, SCAP, ACAS, SCC).
• Experience with the review and creation of mitigation reports from compliance and vulnerability scanning tools (Nessus, SCAP, ACAS, SCC).
• Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Experience with conducting all aspects of a self-inspection
• Experience with periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and integrity scans to determine compliance
• Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
• Ability to function as an integral part of the development team to include designing and developing organizational information systems or upgrading legacy systems

Preferred Education, Experience, & Skills

• At least one certification from the following: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification Security Leadership (GSLC), Certified Chief Information Security Officer (CCISO)
• Run and maintain the entire information assurance program for more complex efforts or area
• Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Translate operational requirements into technical requirements and architectures needed to meet program objectives
• Experience with conducting all aspects of a self-inspection
• Experience with periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and integrity scans to determine compliance
• Prepared incident reports of analysis methodology and results
• Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
• Employ best practices when implementing security controls within an information system including; software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques
• Ability to function as an integral part of the development team to include designing and developing organizational information systems or upgrading legacy systems

Pay Information
Full-Time Salary Range: $115779 - $196825

Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience.

Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20+ hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics.

About BAE Systems Intelligence & Security
BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts - defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team-making a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference.

Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do-from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels.