This job has been posted for more than 30 working days and has expired.

Information System Security Manager (ISSM)

Description & Requirements

Maximus is looking for a Senior Information Systems Security Manager (ISSM) to join its team in Rosslyn, VA.

The ideal candidate will possess a deep understanding of information security principles, regulatory requirements, and industry best practices.

They will be adept at managing security controls, leading incident response efforts, and providing strategic guidance to technical teams.

The ISSM will also play a key role in fostering a culture of security awareness across the organization and representing the organization in interactions with external stakeholders, including government agencies, auditors, and vendors.

Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS040, T4, Band 7

Key Responsibilities:


Information Security Program Development:



* Develop, implement, and maintain a comprehensive information security program that includes policies, procedures, and guidelines to protect the organization's information assets.


* Regularly review and update the information security program to ensure it remains effective and aligned with industry best practices and regulatory requirements.

Regulatory Compliance:


* Ensure that the organization's information systems comply with all applicable security regulations and standards, including NIST, FISMA, and the Joint Special Access Program Implementation Guide (JSIG).


* Conduct regular audits and assessments to verify compliance and address any identified gaps.

Security Controls Implementation:


* Lead the implementation and maintenance of security controls, such as access controls, data encryption, and vulnerability management.


* Collaborate with IT and other departments to integrate security controls into existing and new systems.

Incident Response Management:


* Manage the organization's security incident response process, including the investigation of security incidents and coordination with internal and external stakeholders to resolve incidents.


* Develop and maintain an incident response plan, conduct regular drills, and ensure all relevant personnel are trained on incident response procedures.

Technical Guidance and Support:


* Provide guidance and support to technical teams in the development and implementation of security solutions and technologies.


* Stay current with emerging security trends, threats, and technologies to provide informed recommendations.

Risk Assessment and Mitigation:


* Conduct security risk assessments to identify potential threats and vulnerabilities.


* Develop and implement risk mitigation strategies to address identified risks, including the creation of risk management plans and the prioritization of security initiatives.

Documentation and Compliance:


* Generate and maintain documentation required for Risk Management Framework (RMF) processes, including Standard Operating Procedures (SOPs), security plans, risk assessments,...