Information Systems Security Manager

Leidos is currently seeking an ISSM to join our team in Arlington, VA. This position is fully on-site and requires an active TS/SCI for consideration.

The Information System Security Manager (ISSM) will work with a team to identify, assess, and prioritize risks to DISA and DoD mission partners, as well as develop risk mitigation strategies to increase the security posture of systems, networks, programs, and data in the face of internal and external threats. This role involves implementing and administering information security policies, procedures, and technologies, as well as supporting the development of creative solutions to complex technical challenges. The ISSM ensures classified and unclassified systems, assets, and enclaves possess the necessary security measures to ensure their confidentiality, integrity, and availability while adhering to DoD, DISA, and National Institute of Standards and Technology (NIST) approved cybersecurity and Risk Management Framework (RMF) policies, standards, and guidelines.

Primary Responsibilities:

• Coordinates, reviews, validates, and approves all activities, which contribute to the Assessment and Authorization (A&A) of automated information systems. 
• Address physical security matters to information assessments, security tests and evaluations, preparation of Contingency Plans, and administration of Life Cycle Management and Configuration Management documentation. 
• Conduct cyber situational awareness activities and provide actionable recommendations.
• Assess system vulnerabilities, implement risk mitigation strategies, and validate secure systems.
• Ensure systems and services are configured in compliance with Risk Management Framework (RMF), STIGs, and JSIG Rev 4 standards.
• Implement SOPs and periodically tests recovery procedures to ensure recovery procedures are operational. 
• Recommend and implement changes to IT systems in accordance with DoD directives.
• Function as a technical specialist and assess the risk management security and contingency planning programs. 
• Implement SOPs and periodically tests recovery procedures to ensure recovery procedures are operational. 
• Coordinate development of Systems Security Contingency Plans and Disaster Recovery Procedures.
• Develop and implement training and awareness programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures
• Prepare and deliver briefings for senior leadership on cybersecurity strategies and findings.
• Support continuous improvement of monitoring capabilities, automation, and security enforcing functions

Qualifications:

• Active DoD TS/SCI clearance with eligibility for CI Poly.
• DoDI 8570 IAM Level III/ IAT Level III Certification
• BS and 8-12 years of prior experience, add'l experience may be considered in lieu of degree
• Knowledge of NIST SP 800-37, CNSSI 1253, FIPS 199 and NIST SP 800-53
• Experience in Risk Management-Experience doing Plan of Actions and Milestones (POA&M) tracking
• Experience creating metrics
• Experience with DOD eMASS and the Risk Management Framework (RMF) accreditation processes
• Knowledge of the DoD Risk Assessment Methodology (DRAM)
• Excellent communication skills with the ability to translate technical concepts for non-technical audiences.
• Expert in creating presentations and presenting policies, guidance, and procedures regularity

Preferred Qualifications:

• Knowledge of cloud environments, common vulnerabilities, and technologies.
• Experience with tools such as ACAS, and Splunk.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

Original Posting:

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.