Corporate Information Systems Security Manager (ISSM)

Job Type: Regular Corporate Information Systems Security Manager (ISSM) The Project Manager and Corporate Information Systems Security Manager (ISSM) is the technical lead and responsible for assigning Information Systems Security Managers (ISSMs) and Information Systems Security Officers (ISSOs) to projects for delivering classified systems projects on time and within budget and scope while also providing oversight of all of RAND Corporation?s Authorization and Accreditation (A&A) requirements which include maintaining policies and procedures, Cyber Operational Readiness Assessment (CORA) and Defense Counterintelligence and Security Agency (DCSA) Security Vulnerability Assessment (SVA) readiness by collaborating with the ISSMs at RAND facilities. Additionally, the position will ensure that all classified information systems remain accredited, execute required functions as defined by the DCSA A&A Process Manual (DAAPM), National Industrial Security Program Operating Manual (NISPOM... Intelligence Community Directives (ICD)/ Joint Special Access Program (SAP) Implementation Guide (JSIG) standards, and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) in support of the Executive Director, Security & Classified Operations and Chief Security Officer, Security Managers, Facility Security Officers (FSO), and services for individuals within the accredited systems. Duties Leads the system architecture design planning and applies required technical controls to new and existing systems undergoing upgrades and changes. Coordinates internal resources and third parties/vendors for the execution of classified systems projects Ensures that all projects are delivered on-time, within scope and within budget. Develops project scopes and objectives, involving all relevant stakeholders and ensuring technical feasibility. Develops a detailed project plan to track progress using appropriate verification techniques to manage changes in project scope, schedule and costs. Performs risk management to minimize project risks. Leads the Technical implementation and monitoring of the NISPOM & DCSA A&A Process Manual (DAAPM), ICD?s, JSIG, NIST 800-171, and RAND?s Security Manual and procedures, and DoD and other applicable government sponsor regulations for classified systems. Develops corporate policies to support and enforce DCSA, DISA, ICD/JSIG, and NISPOM standards. Enforces compliance with current Security Technical Implementation Guides (STIGs) for all applicable systems. Establishes, communicates, and improves the classified Information Systems (IS) Security Program Leads and is responsible for the preparation and sustainment for internal self-inspections, DCSA, DISA, DIA and other government Inspections. Assesses changes by performing periodic self-inspections, tests and reviews of the classified IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed (leads the effort and ensures that corrective action is taken for all identified findings and vulnerabilities for each site). Manages the development of standard computer configurations to meet RAND business needs for classified systems. Leads the team by providing the project oversight and technical solutions in the planning, installation, implementation, upgrade, problem determination and resolution involving software programs, operating systems, computers, printers, scanners, etc. for classified systems. Establishes and ensures protocols are followed for the investigation(s) and resolution of security incidents. Directs other ISSMs, ISSOs and system administrators to ensure audit functions are performed properly and ensures administrative inquiries/investigations into anomalies found during audit trail analysis are initiated/completed. Develops and implements the Master System Security Plans (MSSP), Information System Profile, Network System Security Plan (SSP) and addendums for the facility, and reviews other RAND facilities plans for consistency. Chairs the RAND classified computer support/configuration control review board. Interfaces with and supports clients in the operation and security of the classified systems. Basic Qualifications Experience with Routers Switches, servers and laptops/desktops, install applications, setup networks infrastructure, apply security controls Experience writing Systems Security Plans, and classified system Accreditation packages Working knowledge of the DAAPM, NISPOM, ISFO Process Manual, ICD?s, JAFAN and associated industrial security regulations, policies, STIGs and laws Extensive knowledge of federal government network security processes and procedures Strong understanding of operating system (PC, Linux) and audit log aggregator software Familiar with encryption technologies, forensics, penetration and vulnerability analysis of various security technologies and information technology security research Must have and maintain a DoD 8570 (Information Assurance Workforce) IAM level 2 certification (e.g. GSLC, CISM, or CISSP) Must have successfully completed Risk Management Framework (RMF) training course from DCSA Must be able to pass a background check Education High School Diploma or GED required. BS/BA degree preferred. Experience At least 7 years relevant experience required with a BA/BS degree. In lieu of BS/BA degree, at least 11 years of relevant experience required. Location Santa Monica, Pittsburgh, or Washington D.C. Security Clearance Must meet eligibility requirements for access to U.S. government classified information. Salary Range: $117,700 - $179,700 RAND considers a variety of factors when formulating an offer, including but not limited to, the specific role and associated responsibilities; a candidate?s work experience, education/training, skills, expertise; and internal equity.?he salary range includes base pay plus RAND?s sabbatic pay (which provides additional compensation above base pay when vacation is taken). In addition, RAND provides strong benefits including health insurance coverage, life and disability insurance, savings plan, paid time-off and more. Positions Open One Equal Opportunity Employer: race/color/religion/sex/sexual orientation/gender identity/national origin/disability/vet RAND is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND?s research and analysis address issues that impact people everywhere, including security, health, education, sustainability, growth, and development. Headquartered in Santa Monica, California, RAND has approximately 1,775 people from approximately 55 countries working in offices in North America, Europe and Australia, with annual revenues of $356.2 million. RAND is nonprofit, nonpartisan, and committed to the public interest. Our research is sponsored by government agencies, international organizations, and foundations. We rely on philanthropic support to pursue visionary ideas; address critical problems that are under-researched; and devise innovative approaches for solving acute, complex, or provocative policy challenges. RAND values objectivity and integrity in both its research processes and internal interactions. We emphasize a collegial environment that respects the contributions and dignity of all staff. RAND's reputation is built on quality and objectivity. RAND provides an exciting intellectual environment and opportunities for career growth. We hire highly qualified applicants and provide challenging assignments. Diversity is an essential operating principle at RAND. We look for unique backgrounds, original views, and diversity in academic training, work experience, and ideological outlook. We are committed to Equal Opportunity and Affirmative Action. RAND is committed to working with and providing reasonable accommodations to individuals with disabilities. If, because of a medical condition or disability, you need reasonable accommodation for any part of the application process, or in order to perform the essential functions of a position, please contact Human Resources at (310) 393-0411 or at jobs@rand.org and let us know the nature of your request and your contact information