Senior Information System Security Manager - Chameleon Consulting Group
Herndon, VA
About the Job
Company Overview
CCG delivers solutions to the most challenging problems our nation faces in cyberspace. We combine extensive cyber tradecraft with a principled, innovative, and asymmetric approach to deliver unparalleled results. Excellence is our standard and mission success is our metric.
Role
As a CCG Senior ISSM, you will be directly embedded with Program Management and Developer Team Leads. Additionally, you will be responsible for driving security innovation and implementation as part of the project as a whole. The role also entails the establishment and maintenance of ATO packages and their associated artifacts. We are looking for a passionate information security professional who flourishes at being in the forefront of new ideas and has a desire to learn and apply automated and cutting-edge practices.
*This is an on-site position that will require full time presence in Herndon, Virginia; there is a potential for tele-work within the position.
Responsibilities
- Manage and develop artifacts as part of a Government Authorization to Operate (ATO), supporting classified cloud, CI/CD, and Infrastructure as Code high risk environments.
- Create and update artifacts (i.e. SSP, hardware/software lists, PPSM, SCTM).
- Maintain communication with project management/engineers on the implementation of security controls and policy enforcement.
- Engage with the security control assessor (SCA) from the authorizing official (AO) office, to negotiate the balance of mission needs and cybersecurity.
- Support the maintenance of ATO packages in classified areas.
- Evaluate, develop and/or implement information assurance guidelines and procedures as required.
- Recommend security solution mitigations and enhancements supporting information assurance guidelines and customer requirements.
- Perform vulnerability/risk analysis of computer systems and applications during all phases of the system development life cycle.
- Establish programmatic support plans ensuring the continuing accreditation of mission critical systems.
- Ensure that all information systems meet or exceed compliance requirements.
- Identify, report, and ensure the resolution of security violations.
- Monitor and review the IA needs for classified environments.
Minimum Qualifications
- Active TS Clearance// SCI with ability to obtain Poly
- Current DoDM 8570 IAM Level III Certification
- 8 years of experience working as an ISSM
- Strong program management skills, the ability to communicate with team members and stakeholders clearly and effectively. Ability to implement programmatics and manage multiple systems, ATOs, and mission requirements while maintaining stakeholder expectations.
- Has experience, and is confident in, auditing and performing control assessments on Classified, and Cloud systems.
- Fluent in understanding the Risk Management Framework (RMF)
- Solid understanding of the System Development Life Style (SDLC)
- Exceptional verbal, written, interpersonal and presentation skills, customer relationship building skills, analytical skills and ability to lead/mentor teammates
- Independent and diligent with their assigned work
- Knowledge of government classified contract requirements from an information security perspective
- Experience using scanners (i.e. ACAS, Nessus, SonarQube)
- Demonstrated experience having taken multiple packages from creation to full ATO, and experienced in ISA's and ATC.
- Must be eligible for employment in the United States
Preferred Qualifications
- Certified Information Systems Security Professional (CISSP)
- Ability to identify needed changes to processes and activities and help to implement continuous improvement solutions
- Experience working with JSIG system ATOs.
- Have experience creating various types of vulnerability and assessment scans with multiple tools
- Experience using eMASS or Xacta
We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.