Clearance: Active Secret or higher
Position Type: Full-Time / Exempt
Location: Huntsville, AL (not remote)
Salary: $130,000 - $180,000
Summit 7 is here to rise above the ordinary. The work we do here goes far beyond day-to-day projects - it further protects the US defense industrial base from cyber threats, fosters thought leadership, and creates growth opportunities. Our support staff, sales team and technicians are all coming together to make a difference. We also recognize that you're a person with a life beyond work; that's why we invest in these meaningful health and welfare benefits:
* Excellent health/dental benefits from BCBS
* See into the future with our luxurious VSP vision benefits
* Prepare for the long-haul courtesy of our 401k with company matching
* Unlimited mobile phone plan
* 10 days' vacation, 7 days sick time
* Bonuses and salary increase potential via our certifications plan
We do cool work here, defying expectations by simply being who we are - each of us makes an impact.
Overview
The Senior Information Systems Security Manager (Senior ISSM) is a leadership role responsible for overseeing the implementation, management, and continuous improvement of the Risk Management Framework (RMF) process to ensure the security and compliance of organizational information systems. This individual will serve as the primary escalation point for complex security issues, provide strategic oversight, and lead the development of security policies, procedures, and documentation. The Senior ISSM will focus on the following key areas of responsibility:
* Corporate and Client Facing Risk Management Framework (RMF) Implementation
* eMASS Management and Compliance
* Information System Security
* Security Control Assessments
* Incident Response and Mitigation
* Continuous Monitoring and Reporting
Essential Responsibilities
* Ensure compliance with, and perform all functions as required by, 32 CFR Part 117.18(c)(2) and applicable parts of 32 CFR Part 117.18 - National Industrial Security Program Operating Manual (NISPOM).
* Oversee the end-to-end RMF process, including system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring in accordance with NIST SP 800-53 and DoD RMF guidelines.
* Lead the development, submission, and maintenance of RMF packages in eMASS, ensuring accurate documentation of security controls, risk assessments, and Plans of Action and Milestones (POA&Ms).
* Develop, implement, and enforce security policies to protect classified and unclassified information systems, ensuring confidentiality, integrity, and availability.
* Conduct and oversee Security Control Assessments (SCAs) to validate the effectiveness of implemented controls, coordinating with Authorizing Officials (AOs) and system owners.
* Lead incident response efforts for security violations, breaches, or spills, ensuring proper reporting, mitigation, and documentation in accordance with DoD and organizational policies.
* Collaborate with personnel security teams to ensure user access aligns with clearance levels, roles, and need-to-know principles, enforcing least privilege and separation of duties.
* Educate staff on RMF requirements, security protocols, and information system security best practices.
* Implement and manage continuous monitoring strategies to identify and address vulnerabilities, ensuring systems remain compliant with RMF and organizational standards.
* Communicate with clients as required, keeping them informed of progress and notifying them of impending changes.
* The candidate must be in Huntsville, AL with the ability to travel to S7 HQ whenever it is required.
Additional Responsibilities
* Unwavering commitment to delivering exceptional customer service.
* Educate internal staff on RMF packages, eMASS, etc. as needed.
* Ability to collaborate and communicate effectively with a team.
* Ensure requests are directed to the appropriate resource for prompt and efficient resolution.
* Responsible for timely and accurate entry of all time and expenses.
* Continuous learning, development, and enhancement of technical knowledge and credibility through industry standard certifications.
* Analyze and communicate information with others and regularly provide advice and recommend actions involving complex issues.
* Demonstrate a professional attitude with clients over the phone and through emails to resolve all client requests/questions.
* Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
* Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
* Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
Mandatory Qualifications
* Either an associate or a bachelor's degree in computer science (CS) or Management Information Systems (MIS) from a reputable institute, or a minimum of seven (7) years of experience with information systems security, with at least three (3) years in a senior or leadership role managing RMF processes in a DoD or government environment, or a combination of education and relevant experience.
* Extensive knowledge of RMF, NIST SP 800-53, eMASS, and DoD security policies, with proven experience in preparing systems for Authorization to Operate (ATO).
* Have a basic understanding of the Microsoft Cloud ecosystem.
* Ability to work independently and a strong desire for personal and professional development.
* Incredible customer service skills.
* U.S. Citizen.
* Background Investigation / Personnel Clearance (PCL).
* Pre-employment drug screening is required as we are a drug and alcohol-free workplace.
Desired Qualifications
* Knowledge of disaster recovery continuity of operations plans.
* Knowledge of incident response and handling methodologies.
* Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.
* Experience with Microsoft 365 GCC High - Strong understanding of administration, security, and compliance requirements.
* Familiarity with CMMC 2.0 Level 2 - Knowledge of cybersecurity maturity requirements and implementation best practices.
* Proficiency in ServiceNow - Experience with IT service management (ITSM), Visual Task Boards (VTBs), Governance Risk & Compliance (GRC), and workflow automation.
* Relevant Certifications (Preferred) - CISSP, CISM, CAP, ISSEP.
The Senior ISSM must exhibit strategic thinking, attention to detail, and a deep understanding of RMF and DoD cybersecurity requirements. This role requires the ability to navigate complex regulatory environments, manage multiple systems through the RMF lifecycle, and maintain a proactive approach to physical and information system security.
The likely salary range for this position is $130,000 - $180,000. This is not, however, a guarantee of compensation or salary. Rather, the salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Work Conditions
The work environment is an office setting. This person must have the physical capacity to sit still for long durations with occasional movement within the office to access files or office equipment. This person must also have the technical skill to arrange an office space using the equipment provided. The person in this position regularly interacts with employees and clients through various modes of communication, such as emails, phone calls, video calls, etc. This person must have the communication skills to convey precise information in these situations.
Summit 7 Systems, Inc. is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
Summit 7 Systems requires background investigations. Any offer of employment is contingent upon the results of a reference/background check. We are a drug and alcohol-free workplace and require pre-employment drug screening.