Information System Security Manager (ISSM)

    • Job Tracking ID: 85347-342915KS2
    • Job Location: Colorado Springs, CO
    • Job Level: Mid Career
    • Level of Education: BA/BS
    • Job Type: Full-Time/Regular
    • Date Updated: 06/08/2022
    • Years of Experience: 5 - 7 Years
    • Travel Requirement: Domestic
    • Compensation: $120,000.00 to $145,000.00
Job Description

Kratos is a leader in assured aerospace communication solutions and services. We are cutting-edge innovators and creative problem solvers working collaboratively to solve our customers’ toughest challenges. We are a trusted partner—driven by doing the right thing and achieving maximum success for our customers, our partners and ourselves.
Kratos is valued for our ability to design and deliver leading edge, resilient solutions for aerospace communication, control, awareness and mission success across a continuum of offerings—from commercial to tailored custom solutions and integrated programs. Customers trust us to stay relevant and know we are in it for the long-haul. We bring both the capability and confidence that our customers value and depend on. And, we always deliver.
At Kratos, we encourage an entrepreneurial spirit balanced with fiscal and operational discipline. We work hard, we solve hard problems, and we look out for and take care of our customers, each other and our families. Protecting and enabling our nation and global customers through innovative aerospace solutions is what motivates us. We continually build trusted relationships with our peers, our partners and customers, and we take ownership for our actions—always doing the right thing.
Position Description:

Kratos S2 is looking for an Information Systems Security Manager (ISSM) to support the Agile Cyber Development and Sustainment (ACDS) program. The ISSM will lead and support other Information System Security professionals in the execution of information assurance programs through security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures, including System Security Plans (SSPs), Risk Assessment Reports, Assessment & Authorization (A&A) packages, and the Security Controls Traceability Matrix (SCTM). The ISSM maintains the operational security posture to ensure that information system (IS) security policies, standards, and procedures are established and followed. The successful candidate will be able to perform vulnerability/risk assessment analysis to support A&A and will provide configuration management (CM) for information system security software, hardware, and firmware.

This position requires in-depth knowledge of the government's Risk Management Framework (RMF) as outlined in various publications. The ISSM also serves as the local authorizing official for all ACDS cyber security issues. The ISSM is the primary interface with government agencies regarding assigned cyber security matters and requirements.

Regulatory Authority:

This position is based on various DoD Directives; specifically, DoD 5205.07 volumes 1-4; DoDD 5205.02E; DoDI 5025.01, 5205.11, 5200.39, 5220.22; DoDM 3305.13; Intelligence Community Directive Series 500/600/700; National Institute of Standards and Technology (NIST) 800-series publications; Executive Orders 13556 and 13636; the Joint Special Access Program Implementation Guide Rev 4; and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).

Primary Responsibilities:

  • In coordination with the government, develops and maintains an ACDS cybersecurity program and associated policies.
  • Leverages guidance pertinent to all applicable directives and publications.
  • Obtains guidance and approval from the appropriate authorizing official.
  • Responsible for generation and maintenance of RMF documentation.
  • Plays an active role in monitoring a system and its environment of operation to include developing and updating the system artifacts, managing, and controlling changes to the system, and assessing the security impact of those changes.
  • Reviews and updates all artifacts for each unique system ensuring ATO compliance.
  • Coordinates with CPSO on approval of external information systems.
  • Maintains, per individual system and its accreditation, a baseline of configuration, hardware, software, and firmware.
  • Develops, maintains, and executes information system continuous monitoring plan.
  • Ensures all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities, before granting access to the IS.
  • Ensures data ownership and responsibilities are established for each IS and specific requirements (for example, accountability/access/special handling requirements) are enforced.
  • Maintains a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
  • Ensures adherence to these information system security policies and procedures.
  • Ensures proper procedures are followed, per the Cyber Incident Response Plan, when information system security incidents are discovered.
  • Ensures the development and implementation of an effective information system security education, training, and awareness program. Ensures initial, annual, and as-needed training is accomplished and documented.
  • Conducts review of audit reports collected and reports anomalies to leadership. Ensures events captured are as outlined in applicable directives and publications.
  • Liaises between Kratos S2 and government authorities regarding system security posture requirements.
  • Works with government stakeholders to resolve computer security incidents and vulnerability compliance issues.
  • Works with government sponsors/ISSMs to plan and conduct security authorization reviews and assurance case development for the initial installation of systems and networks.
  • Directs information system security inspections, tests, and reviews. Ensures leadership understands inspection timelines, operational impacts, and results.
  • Schedules periodic testing to evaluate the security posture of information systems.
  • Coordinates with disinterested parties to employ various intrusion attacks.
  • Ensures all system security-related vulnerabilities are documented and ensures serious/unresolved violations are reported to the AO/DAO.
  • Reviews results with Kratos S2 ACDS leadership for possible remedies, as necessary.
  • Oversees the operation, maintenance, and disposition of IS according to the policies and procedures outlined in the body of evidence for each system.
  • Advises users on the proper operation of a specific IS as outlined in its SCTM.
  • Assists SAs in the approved maintenance procedures as approved by the ATO.
  • Provides guidance, based on component classification, before purging and release.
  • Assesses changes to the system and operational needs that could affect its accreditation.
  • Updates system diagrams according to configuration control board direction.
  • Oversees monitoring of available resources that provide warnings of system vulnerabilities or ongoing attacks to ensure system administrator (SA) compliance.
  • Confirms domain/local policies are configured to meet regulatory requirements.
  • Monitors system backup and recovery processes to ensure security features and procedures can be properly restored and are functioning correctly.
  • Ensures that they and any ISSOs under their purview are appointed in writing and assigned duties commensurate with their expertise. Assumes the ISSO's responsibilities in the ISSO's absence or if no ISSO is assigned.
  • Reviews duty requirements and researches technical/security training to be obtained.
  • Ensures ISSOs receive the appropriate training to carry out their duties.

Experience and Skills

Required Qualifications:

  • BS or MS degree in Information Technology, Computer Science, or a related field, or equivalent experience
  • DoDD 8570.01 IAM Level III certification
  • 3+ years as an ISSM
  • Experience in preparing detailed System Security Plans (SSPs) for Government approval to achieve Approval to Operate (ATO) objectives
  • Knowledge of new and emerging IT and cybersecurity technologies
  • Team player capable of working in a fast-paced team environment
  • Excellent organizational and communication skills and the ability to effectively interact with managers and technical staff
  • Active Top Secret security clearance
Desired Qualifications:

  • Familiarity with Python, C/C++
  • Familiarity with ACAS
  • Familiarity with XACTA RMF software

Job Benefits

  • Medical
  • Dental
  • Vision
  • Tax Savings Accounts (HSA / FSA)
  • Life Insurance
  • Short Term Disability
  • Long Term Disability
  • Employee Assistance Program
  • 401k
  • Employee Stock Purchase Plan
  • PTO
  • Education Assistance Program
  • Paid Holidays

Kratos Defense is an Equal Opportunity Affirmative Action Employer. EOE, Minorities, Females, Vet, Disabled, Sexual Orientation, Gender Identity or any other protected class.
All qualified job seekers are encouraged to apply. Kratos Defense is committed to America's veterans by providing opportunities for them to continue contributing after service to our nation. We also work to provide reasonable accommodations to individuals with disabilities.
EEO Is The Law

Disability Accessibility Accommodation
If you require an accommodation to navigate or apply to our careers site, please send your request to HRAccessibility@kratosdefense.com or call 858-964-2916. Any inquiries not related to requesting an accommodation will be discarded.

Pay Transparency
The company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.

Job Applicant Privacy Notice
For applicants in the EU and California residents, please review our privacy notice.