Director of Information Security
- St. Louis, MO 63146
SSE is a leading technology company serving St. Louis, MO and Jacksonville, FL for over 30 years. We are a leading provider of aviation courseware development, technical publications, virtual training development, and training for military and commercial aircraft. We are seeking a Director of Information Security to join our team and be located in either St. Louis, MO or Jacksonville, FL.
The Director of Information Security is responsible for the Cybersecurity/Risk Management Framework (RMF) of classified programs in accordance with US Government directives. In addition, this position will support SSE’s Commercial Network Services Business Unit in developing new security-related products and services, bringing the rigor of DoD security to commercial businesses.
- Implementation and oversight of certification & accreditation, lifecycle processes, configuration change management, account management, media control procedures and related documentation for all SSE locations.
- Candidates must be familiar with conducting internal self-inspections of the cybersecurity program and with executing an effective cybersecurity program, including continuous system audit reviews, education and training, and information system delivery and maintenance.
- Extensive knowledge and experience with assessment and authorization requirements as outlined in the NISPOM Chapter 8, DAAPM, RMF, ICD 503, JSIG, NIST RMF & STIG and other USG IS/Security-related policies
- Attainment of DoD 8570 IAM Level III or at least IAM Level II
- Active SECRET security clearance
- Ability to work in a team environment and deal effectively with changing project priorities
- At least 3 years’ experience as an ISSM implementing NISPOM Chapter 8, DAAPM, ICD 503 and/or JSIG IS requirements
- This position must meet Export Control compliance requirements; therefore a “US Person” as defined by 22 C.F.R. § 120.15 is required. US Citizen required
DAY TO DAY ACTIVITIES:
- Provide Information Systems Security Manager (ISSM) guidance and support for classified computers corporate-wide at all locations.
- Develop/conduct risk assessment procedures for verification of Assessment and Authorization (A&A) RMF safeguards to meet various regulatory requirements based upon the JSIG RMF for DoD IT, plus ICD 503, JSIG, NIST & STIG guidelines
- Monitor cybersecurity program compliance by performing periodic self-inspections, tests and reviews of the IS programs to ensure that systems are operating as authorized/accredited and that conditions have not changed
- Work with ISSOs to ensure audit functions are performed properly
- Develop corrective solutions and maintain associated documentation
- Coordinate with the Facility Security Officer (FSO) and IT team members to define, implement and maintain an acceptable information systems security posture
- Assist program personnel at offsite locations to ensure they meet USG certification requirements and are properly trained to execute the cybersecurity program effectively and maintain security compliance
- Preparation and maintenance of security Assessment and Authorization documentation (e.g., IA Standard Operating Procedures (SOP), SSP, MSSP, RAR, SCTM)
- Maintain day-to-day security posture and continuous monitoring of IS including security event log review and analysis.
- Ensure system security measures comply with applicable government policies, provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
- Maintain a thorough understanding of NIST 800-53 controls, determine the controls applicable to the application, and document implementation in the Security Controls Traceability Matrix (SCTM).
- 40-hour work week
- 401k company match
- medical/vision/dental plans
- 8 paid holidays, 17 PTO days a year