Information Systems Security Manager (ISSM)

Full Time
Arlington, VA
Areas of Interest: Information Assurance (IA) Compliance
Overview

The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND’s research and analysis address issues that impact people everywhere, including security, health, education, sustainability, growth, and development. Headquartered in Santa Monica, California, RAND has close to 1,800 people from approximately 50 countries working in offices in North America, Europe, and Australia, with annual revenues of more than $308 million.

RAND is nonprofit, nonpartisan, and committed to the public interest.  Our research is sponsored by government agencies, charitable trusts, and community nonprofits. In addition, we rely on philanthropic support to pursue visionary ideas; address critical problems that are under-researched; shape emerging policy debates; and devise innovative approaches for solving acute, complex, or provocative policy challenges. RAND values objectivity and integrity in both its research processes and internal interactions. We emphasize a collegial environment that respects the contributions and dignity of all staff.

Position Description
The Information Systems Security Manager (ISSM) is responsible for meeting RAND Corporation’s Assessment and Authorization (A&A) requirements and serves as the ISSM for classified information systems. The ISSM executes required functions as defined by the National Industrial Security Program Operating Manual (NISPOM), Intelligence Community Directives (ICD)/Joint Air Force, Army, and Navy (JAFAN) standards, and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) in support of the Security Manager/Facility Security Officer (FSO); supports systems and services for individuals within the accredited systems; and collaborates with the ISSMs at the other RAND facilities.

Duties and Responsibilities:
  • Coordinates, implements and ensures that proper procedures are followed in accordance with the NISPOM and Industrial Security Field Operations (ISFO) Manual, ICDs, RAND’s Security Manual and procedures, and DoD and other applicable government sponsor regulations
  • Establishes, documents, implements and monitors the classified Information Systems (IS) Security Program, related procedures for the facility, and ensures facility compliance with requirements for IS
  • Develops and implements Master System Security Plans (MSSP), Information System Profile, Network System Security Plan (SSP) and addendums
  • Ensures computer systems meet DISA, ICD/JAFAN, and NISPOM standards
  • Documents hardware and software upgrades and changes in the classified information system to accurately maintain security records per DSS’s configuration management/change management process
  • Manages and maintains system access and training for all classified systems
  • Briefs staff on regulatory and local system requirements prior to user access to classified systems
  • Supports a wide range of security issues including architectures, TEMPEST and security access
  • Supports the FSO for DSS, DISA, DIA and other government inspections
  • Assesses changes to a classified IS by performing periodic self-inspections, tests and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed (the ISSM leads the effort and ensures that corrective action is taken for all identified findings and vulnerabilities)
  • Ensures established protocols are followed for the investigation(s) and resolution of security issues associated with IS
  • Ensures compliance with current STIGs
  • Works with system administrators to ensure audit functions are performed properly
  • Conducts administrative inquiries/investigations into anomalies found during audit trail analysis
  • Advises management on integration and support related to providing customer support for classified systems
  • Participates in the planning, installation, implementation, upgrade, problem determination and resolution involving software programs, operating systems, computers, printers, scanners, etc. for classified systems
  • Manages the development of standard computer configurations to meet RAND business needs for classified systems
  • Interfaces with and supports clients in the operation of the classified systems
  • Investigates, documents, and reports computer security incidents in a timely manner; responsible for all incident reporting to DSS and/or the cognizant security agency
  • Interacts regularly with the Information Systems Security Officer (ISSO) and is functionally responsible to the FSO on the IS Security Program and interrelated security issues

Qualifications

  • Knowledge of the NISPOM, ISFO Process Manual, ICDs, JAFAN and associated industrial security regulations, policies, STIGs and laws
  • Extensive knowledge of DSS and other federal government network security processes and procedures
  • Familiar with encryption technologies, penetration and vulnerability analysis of various security technologies, and information technology security research
  • Knowledge of Microsoft Office products or similar software packages
  • Strong understanding of operating systems (PC, Mac, Linux) and audit log aggregator software
  • Able to configure laptops/desktops, install applications, set up network infrastructure and troubleshoot as required
  • Knowledge of and experience with SIPRNet, JWICS and VoIP systems
  • Excellent oral and written communications skills required for correspondence, reports, briefings, and procedures

Education Requirements

  • Bachelor's degree in an associated discipline
  • Must have successfully completed the ISSM training course from the Defense Security Service
Experience
  • At least three years’ experience in Information Technology (IT) in a classified environment, or a minimum of two years’ experience as an ISSM/ISSO in government/industrial security 
  • Experience working with federal/government agencies or defense contractors
  • Experience interfacing with DSS and other government representatives as the ISSM
Security Clearance
A current Top Secret clearance is required.

 
RAND is an Equal Opportunity Employer Minorities/Females/Vets/Disabled




RAND Corporation

Objective Analysis. Effective Solutions.
The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND’s research and analysis address issues that impact people everywhere, including security, health, education, sustainability, growth, and development. Headquartered in Santa Monica, California, RAND has approximately 1,700 people from more than 45 countries working in offices in North America, Europe and Australia, with annual revenues of more than $260 million.

RAND is nonprofit, nonpartisan, and committed to the public interest.  Our research is sponsored by government agencies, foundations, other nonprofit organizations, and the private sector. We rely on philanthropic support to reach beyond the scope of client-sponsored work to tackle questions that may be too big, too complex, or too new for our clients to address. RAND values objectivity and integrity in both its research processes and internal interactions. We emphasize a collegial environment that respects the contributions and dignity of all staff.
Company Industry: Think Tanks
Company Type: Non Profit
Company Size: 1,001-5000