(671) RMF Information Security Systems Manager (ISSM)

Company Summary

Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future.

Position Overview

The Department of War's (DoW) Chief Digital and Artificial Intelligence Office (CDAO) is at the forefront of supporting the DoW with the adoption of innovative technologies such as data, analytics, and artificial intelligence to help accelerate predictions, forecasts, and interpretations for both strategic and tactical decisions across the enterprise. These ground-breaking endeavors bring new challenges to the assessment of DoW IT systems that previously did not exist.

Seeking an RMF Information Security Systems Manager (ISSM) and Subject Matter Expert to support mission critical Amazon Web Services (AWS) contract utilizing all facets of the RMF in a DevOps environment. This pioneering domain presents unique challenges, necessitating skilled ISSMs to maintain system security and oversee cyber implementation. The role demands accountability for upholding security standards across the organization, navigating the evolving landscape of defense technology and safeguarding sensitive information crucial to national security. To be successful in this position the candidate must possess a firm understanding of statutory guidance such as statutory guidance including 570.01 (Information Assurance Workforce Improvement Program), DoDI 8500.01 (Cybersecurity), DoD Directive 8140.03 (Information Systems Security Manager – DoD Cyber Exchange), and NIST 800-37 r2 (Risk Management Framework for Information Systems and Organizations). Additional certification in Amazon networking specialty or AWS Solutions Architect – Professional or AWS CloudOps Engineer – Associate a plus.

Work Location: Full time hybrid. 3 days in the office and 2 days working from home office. Candidates in the Washington DC Metropolitan area preferred. Travel requirements will vary with location, however, expect approximately 10% to 25%.

Clearance: Active TS SCI Eligible

Successful candidates should be able to:

• Deep expertise in AWS cloud security, architecture, and governance is essential to successfully lead risk management, maintain compliance, and support secure system authorization decisions.

• Expertly Implements and Manages Cybersecurity Controls: Implement and manage controls across all system lifecycle phases, ensuring alignment with DoD 8500.01 and NIST 800-53 requirements to maintain robust security posture, tailored risk mitigations, and full alignment with DoW cybersecurity directives and OVL processes.

• Security Policy Development: Develop and implement security policies, procedures, and guidelines to ensure compliance with applicable laws, regulations, and industry best practices.

• Risk Management: Conduct risk assessments and identify potential vulnerabilities and threats to information systems. Develop and implement risk mitigation strategies and controls to minimize the impact of security incidents.

• Security Planning and Implementation: Collaborate with system administrators, network administrators, and other stakeholders to plan and implement security measures for information systems. This includes establishing security controls and standards for information systems including Continuous Monitoring.

• Incident Response and Management: Develop and implement incident response procedures to reconstitute system operations to address security incidents and breaches.

• Assurance and Resiliency: Ensure compliance with relevant security standards, regulations, and frameworks. Conduct periodic security audits and assessments to evaluate the effectiveness of security controls and identify areas for improvement.

• Security Documentation and Reporting: Maintain accurate and up-to-date security documentation, including security plans, risk assessments, and incident reports. Provide regular reports to management on the status of information security and any identified risks or vulnerabilities.

Job Responsibilities and/or Success Factors

• Utilize expert knowledge and experience regarding risk management strategies in support of a major DoW program.

• Collaborate between the Cyber Risk Assessor/Security Control Assessor and the program as well as DoW senior leadership.

• Coordinate with the contractor's insider threat senior program official so that insider threat awareness is addressed in the contractor's information system security program.

• Develop, document, and monitor compliance of the contractor's information system security program in accordance with CSA-provided guidelines for management, operational, and technical controls.

• Verify self-inspections are conducted at least every 12 months on the contractor's information systems that process classified information, and that corrective actions are taken for all identified findings.

• Certify to the CSA in writing that the systems security plan (SSP) is implemented for each authorized information systems, specified in the SSP; the specified security controls are in place and properly tested; and the information system continues to function as described in the SSP.

• Brief users on their responsibilities with regard to information system security and verify that contractor personnel are trained on the security restrictions and safeguards of the information system prior to access to an authorized information system.

• Reporting of status and metrics for body of evidence and authorization conditions.

• Develop and implement security policies, procedures, and guidelines to ensure compliance with applicable laws, regulations, and industry best practices.

• Conduct risk assessments and identify potential vulnerabilities and threats to information systems.

• Develop and implement risk mitigation strategies and controls to minimize the impact of security incidents.

Education and Minimum Qualifications

• Must have an active TS/SCI Clearance

• Bachelor’s degree in computer science/information technology, or other related degree fields (Master’s Degree is preferred or at least 10 years of related experience)

• At least 10+ years of cybersecurity experience including a senior technical or management role, Project or Program Management experience a plus.

• At least one IAT/IAM level III or equivalent security certifications ex. CISSP, CCSP, CISM, CISA, or CASP

• Experience working with OSD leadership or Military component or branch.

• Excellent communication/presentation skills briefing senior military and government civilian leadership.

• Experienced with writing policies, guides, procedures.

• Experience in hands on with eMASS, Xacta and/or other GRC tools.

• Experience with Federal and FedRamp A&A Processes.

• Experienced and comfortable advising at the Senior Executive Service (SES) level of customers

AAP Statement

We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.