Information Security Manager Salary in USA

Summary:Allyon, Inc. is an established IT and Healthcare Services firm and we love what we do! It makes our day when we are able to help talented individuals achieve their career goals while at the same time helping our clients build quality teams. If you are interested in joining the Allyon Team, please apply or submit your resume for review today! Job Title:Information Security ManagerDuties & Responsibilities:• Providing support to plan, coordinate, and implement the lab's information security• Providing support for facilitating and helping the lab identify its current security infrastructure and defining future programs, design and implementation of security related to lab systems• Assisting the efforts of security staff to design, develop, engineer and implement solutions to security requirements• Responsible for implementing and developing the DHS IT security• Gathering and organizing technical information about the lab's mission goals and needs, existing security products, and ongoing programs• Performing risk analyses which also includes risk assessment• Providing support to plan, coordinate, and implement the lab's information security• Providing support for facilitating and helping the lab identify its current security infrastructure and define future programs, design and implementation of security related to lab systems• Possessing and applying expertise on multiple complex work assignments which are broad in nature, requiring originality and innovation in determining how to accomplish tasks• Has the ability to apply a comprehensive knowledge across key tasks and high impact assignments• Planning and leading major technology assignments• Evaluating performance results and recommending major changes affecting short-term project growth and success• Functioning as a technical expert across multiple project assignments.Minimum Requirements:• U.S. Citizenship• Must have an active TS/SCI clearance• Must be able to obtain DHS Suitability• A minimum of 5+ years of directly relevant experience in information security• Knowledge of Computer Network Defense (CND) policies, procedures, and regulations• Knowledge of defense-in-depth principles and network security architecture• Knowledge of boundary protection and enclaving• Knowledge of authentication and access management technologies• Knowledge of several of the following areas is required: Understanding of business security practices and procedures; current security tools available; hardware/software security implementation; different communication protocols; encryption techniques/tools; familiarity with commercial products, and current lab infrastructure technology• Ability to serve as an Information System Security Officer (ISSO)• Must be able to work collaboratively across physical locations.• BS Information Management, Cybersecurity, Computer Science, or related degree; or HS Diploma and a minimum of 7+ years information security experience.Other:• DHS experience• Cybersecurity skills including threat hunting.• Advanced knowledge of RMF framework• Experience working ATO's• Desired Certifications:• CISSO, CISM, CISSPWhat we Offer:• Competitive pay and benefits• 401k eligibility after 6 months, including company matchAllyon, Inc. is an equal employment opportunities (EEO) employer and terms of employment are without regard to race, color, religion, sex, national origin, age, disability or genetics. Allyon, Inc. complies with applicable state and local laws governing nondiscrimination in employment. This policy applies to all terms and conditions of employment.

Location: Westborough, MASalary: NegotiableDescription: Our client is currently seeking a Information Security Risk Manager/HYBRID 4 days ON SITE one off site at Metro-West/Boston locationReporting to the Director of Operational Risk, Information Security & Vendor Management, the Information Security Risk Manager is responsible for assisting the Director of Operational Risk, Information Security & Vendor Management with maintaining and continually enhancing the Bank's information security and second line testing programs. In particular, responsibilities include the development, coordination, implementation, governance, and ongoing management of enterprise-wide policy and controls. Responsibilities: •Utilize industry experience and knowledge to provide expertise and support to ensure the Bank's information security program remains in compliance with applicable standards and regulations, including evolving data privacy regulations. •Adhere/enhance control testing processes to ensure information security, risk, and vendor management policies are adhered to. •Assist with the management of cyber security compliance functions including reporting on gaps, variances, and the assessment and disposition of cyber risk. Assist with completion and maintenance of the Bank's FFIEC Cybersecurity Assessment Tool and IT Risk Assessment. •Perform assessments of the current information security and Information Technology framework and develop guidance that addresses gaps. •Assist with development, evaluation, and adherence to IT, risk, and information security policies, standards, and procedures. Socialize policy & control recommendations to stakeholders across the enterprise in order to gain acceptance. •Support the completion of risk assessments of IT processes and products to ensure that they align with Bank policies and objectives. •Participate in information security, vendor management, and risk related projects and initiatives. •Assist with the collection and review of vendor due diligence materials in line with GLBA and TSP regulatory guidance. •Assist with tracking and resolution of internal audit and examination findings related to risk, information security, and vendor management. •Maintain and effectively utilize the Bank's Enterprise Risk Management Software System. •Assist with the annual facilitation of Incident Response tabletop exercises. •Organizes daily department activities and supervises Information Security staff. Conducts performance reviews and provides for ongoing guidance, training, and direction to staff in developing and implementing plans and objectives. •Stays up to date on industry trends, represents the Bank through active participation in community and industry organizations, and participates in user groups and conferences, as needed. •Performs related and unrelated duties as may be required. Qualifications: •5+ years of experience in Bank-specific information security, risk, and/or audit areas •Bachelor's degree •Comprehensive knowledge of technology auditing process, GLBA compliance requirements, and technology risk assessments •Internal Audit, IT Assurance, and/or FDIC/OCC Regulatory experience required •Working knowledge of applicable laws, regulations, and standards relating to security, data privacy, and vendor management •Knowledge of bank operations and bank technology applications •Effective communicator, relationship builder, and advocate for sound risk mitigation practice•Strong organizational skills •Management and supervisory experience required *Community banking (small to mid size Banks)*Interaction with regulators Info Secuirity (such as Patching, Vulnerability scanning, Systems) Contact: [email protected] job and many more are available through The Judge Group. Find us on the web at www.judge.com

Own Your Future. Modern Technology Solutions, Inc. (MTSI) is seeking a Senior Information Systems Security Manager (Sr. ISSM) in Dayton, OH.Why is MTSI known as a Great Place to Work?Interesting Work: Our co-workers support some of the most important and critical programs to our national defense and security. Values: Our first core value is that employees come first. We challenge our co-workers to provide the highest level of support and service, and reward them with some of the best benefits in the industry. 100% Employee Ownership: we have a stake in each other's success, and the success of our customers. It's also nice to know what's going on across the company; we have company wide town-hall meetings three times a year. Great Benefits - Most Full-Time Staff Are Eligible for: Starting PTO accrual of 20 days PTO/year + 10 holidays/yearFlexible schedules6% 401k match with immediate vestingSemi-annual bonus eligibility (July and December)Company funded Employee Stock Ownership Plan (ESOP) - a separate qualified retirement accountUp to $10,000 in annual tuition reimbursementOther company funded benefits, like life and disability insuranceOptional zero deductible Blue Cross/Blue Shield health insurance planTrack Record of Success: We have grown every year since our founding in 1993Modern Technology Solutions, Inc. (MTSI) is a 100% employee-owned engineering services and solutions company that provides high-demand technical expertise in Digital Transformation, Modeling and Simulation, Rapid Capability Development, Test and Evaluation, Artificial Intelligence, Autonomy, Cybersecurity and Mission Assurance. MTSI delivers capabilities to solve problems of global importance. Founded in 1993, MTSI today has employees at over 20 offices and field sites worldwide.For more information about MTSI, please visit www.mtsi-va.com.Responsibilities:The Information Systems Security Manager (ISSM) will serve as information security professional responsible for conducting information system security engineering activities that captures and refines information security requirements and ensures the requirements are effectively integrated into information systems. The candidate shall have the necessary experience to support the customer by independently executing the following tasks: • Provide technical input, recommendations and assistance with the implementation of both higher and granular-level cyber security approaches, methods and solutions that incorporate and maintain compliance to requirements resulting from laws, regulations and other pertinent guidance. • Advise the ISO and PSO concerning the impact levels for confidentiality, integrity, and availability for the information systems. • Evaluate threats and vulnerability to information systems to ascertain the need for additional safeguards. • Review and approve information system security assessment plan which is comprised of the SSP, the SCTM, and the security control assessment procedures. • Ensure security assessments are completed for information systems. • Prepare the final Security Assessment Report (SAR) which includes assessment results and findings, at the conclusion of each security assessment activity. • Initiate a POA&M with identified weakness and suspense dates for each information system based on findings and recommendations from the sar. • Evaluate security assessment documentation and provide written recommendations for security authorization to the ao • Develop recommendation for authorization and submit the security authorization package to the ao. • Assess proposed changes to information systems, their environment of operation, and mission needs that could affect system authorization. • Provide purposeful security architecting, design, development, and configuration of information systems. • Provide inputs to development teams responsible for designing and developing organizational information systems and upgrading legacy systems. • Employ best practices when implementing security requirements for information systems including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques. • Keep abreast of current and new security technologies and threats. • Research and review proposed new systems, networks, and software designs for potential security risks and impacts; recommend mitigation, countermeasures or other options. • Identify integration issues related to the implementation of new systems within the existing infrastructure; recommend mitigation and/or resolution options.Qualifications:• Minimum of 10 years of relevant DoD work experience• No less than three (3) years' experience in a SAP and/or SCI environment within the least five (5) years• Master of Arts/Master of Science/Master of Engineering (MA/MS/ME) degree• Must possess an active top secret security clearance, current within five years, based upon a single scope background investigation (SSBI) or SSBI periodic review and be eligible for sensitive compartmented information (SCI) and special access programs (SAP) accessADDITIONAL NOTES:• Experience working with platform integrated technology (PIT) is desirable#LI-DB1

Title: Information Security ManagerLocation: Remote (Austin, TX) Only Local candidates within State of Texas will be accepted for the role.Position will be 100% remote.Important Skills/Requirements:8 Years Extensive experience with working with and implementing NIST 800-37, NIST 800-53, MARS-E controls, POA&Ms, and developing Corrective Action Plans.8 Years Prepare impact assessment reports that document security breaches and the extent of the damage caused by the breaches. Create standard operating procedure documents in adherence to security policies and standards.8 Years Review violations of computer security procedures and discuss procedures with HHSC/TIERS Security team. Confer with users to discuss issues such as computer data access needs, security violations, and programming changes.8 Years Skilled information technology professional with advanced experience developing and implementing IT policy, standards, and procedures.Preferred Skills:6 Years Ability to prepare concise written reports appropriate to the audience. Ability to communicate effectively verbally and in writing.6 Years Experience working with Archer GRC, Dynatrace, Splunk, Imperva Web Application Firewall, Qualys, and MS Office tools.4 Years Conduct research to recommend security enhancements and purchases of new security tools.3 Years Ability to train staff on network and information security procedures, processes, and information safeguarding.

Summary:Rogers Corporation is seeking an Information Security Manager to provide information security direction, leadership and oversight of key information security systems, platforms, and processes. This position will provide leadership and direction to key cybersecurity program components including but not limited to Security Architecture, Engineering, Implementation, and Tooling. Role will focus on defending against and/or mitigating cyber threats and IT compliance risks using a combination of IT security measures, controls, and policies. Use of network infrastructure devices and boundary defense systems using network and endpoint security tools and configurations. Apply experience to manage O365 and Azure/Microsoft-based technologies to help manage data and asset risk. Able to use data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats. Flexibility in addressing various security problems across a disperse set of assets. Other duties as assigned. Essential Functions: Empowered to define and manage the cybersecurity and identity roadmap (IAM, PAM, TVM) on yearly basis to make sure the security posture remains current, and risks are appropriately managed. Lead efforts to ensure the effective implementation of infrastructure and application that relate to security architecture, policies and standards. Maintains organization's security effectiveness & efficiency by supporting strategic plans for implementing & supporting information technologies and championing information security strategy. Support compliance with various regulatory standards, such as Sarbanes Oxley, NIST and other compliance frameworks. Assists with annual budget preparation; helps define immediate and long-term goals, priorities, and operational plans, and provides strategic input and guidance on development and preparation of the enterprise cybersecurity budget. Familiarity with secure network communications practices and protocols for hybrid data center deployments. Familiarity with industry security frameworks including NIST, ISO, COBIT, and CISC Top 20 controls. Experience in a manufacturing environment Travel Requirement: 0%-10 % Qualifications: Bachelor's degree in computer science, Management/Computer Information Systems, or a related field (e.g., Information Technology, Computer Engineering, Electrical Engineering, Mathematics). Minimum 7 years of progressive IT security experience, with 3 years of security management experience. Network and Systems (Windows, Linux) Security and Security Operations Management experience. Application, SaaS, & Software Security experience. Leads and provides direction to cybersecurity technical professionals in complex day-to-day operational support of hardware, software, and cloud-based security tools. Proficiencies over half and familiarity with most of the following: Identity and Access Management (IAM) Privileged Access Management (PAM) Threat and Vulnerability Management (TVM) Technical Program Development and Maturity Security Architecture and Design Data Loss Protection (DLP) Cloud Platform / CASB Network Access Control (NAC) Firewalls and network security controls Operational Technology (OT) Security Security Operations tools including Security Incident and Event Monitoring (SIEM), Network Detection and Response (NDR), Endpoint Detection and Response (EDR), and Managed Detection and Response (MDR)

Location: Sacramento, CASalary: $137,300.00 USD Annually - $155,000.00 USD AnnuallyDescription: Our client is currently seeking a Manager - Information Security - CIAM Hybrid in Sacramento, CAPERM1.Experience with CIAM Solutions: Demonstrated proficiency in implementing and managing customer identity access management solutions, preferably with hands-on experience in leading CIAM platforms such as Okta, Auth0, or ForgeRock. 2.Identity and Access Management (IAM) Expertise: Strong understanding of IAM principles, including authentication, authorization, federation, and user lifecycle management, with the ability to translate business requirements into effective IAM solutions. 3.Customer-Focused Mindset: Proven track record of understanding customer needs and delivering solutions that enhance user experience while maintaining security and compliance standards. 4.Technical Proficiency: Deep understanding of identity protocols and standards such as OAuth, OpenID Connect, SAML, LDAP, and SCIM, along with experience in integrating CIAM solutions with various applications and systems. 5.Security and Compliance Knowledge: Thorough understanding of security best practices, privacy regulations (such as GDPR, CCPA), and compliance requirements related to customer data protection, with the ability to ensure CIAM solutions meet regulatory standards. 6.Project Management Skills: Experience leading CIAM implementation projects from initiation to completion, including requirements gathering, solution design, implementation, testing, and deployment, while managing timelines, resources, and stakeholders effectively. 7.Communication and Collaboration: Excellent communication skills with the ability to interact confidently with cross-functional teams, stakeholders, and senior management to articulate CIAM strategies, address concerns, and drive consensus on decisions. 8.Problem-Solving Abilities: Strong analytical and troubleshooting skills to identify and resolve complex CIAM issues, proactively mitigate risks, and optimize CIAM processes for scalability and efficiency. 9.Team Leadership: Demonstrated leadership capabilities in mentoring and guiding a team of CIAM professionals, fostering a collaborative and innovative work environment, and driving continuous improvement through knowledge sharing and skill development. 10.Continuous Learning Orientation: Commitment to staying updated on emerging trends, technologies, and best practices in CIAM, security, and identity management domains through self-study, training, and participation in relevant industry forums and events. 11.Develop and maintain an understanding of the pertinent regulatory requirements and risks inherent to job responsibilities, establish, and maintain control activities that mitigate those risks consistent with the risk appetite, and ensure operational integrity and compliance with applicable regulations. PHYSICAL SKILLS, ABILITIES, AND EXERTION UTILIZED IN THE PERFORMANCE OF THESE TASKS: 1.Effective oral and written communication skills required to assure the ongoing security and protection of Information Technology and information assets. 2.Must possess sufficient manual dexterity to skillfully operate an on-line computer terminal and other standard office equipment, such as financial calculators, personal computer, facsimile machine and telephone. QUALIFICATIONS: Bachelor's Degree: A bachelor's degree in computer science, information technology, cybersecurity, or a related field is preferred. CIAM Certification: preferred Certification in CIAM or related areas such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Identity and Access Manager (CIAM) demonstrates expertise in the field. Experience: At least 5-7 years of experience in identity and access management, Information Technology, with a focus on customer identity management. 3 years direct supervisory experience. Technical Skills: Proficiency in identity protocols and standards (OAuth, OpenID Connect, SAML, LDAP, SCIM), CIAM platforms (Okta, Auth0, ForgeRock), and integration technologies (APIs, SDKs). Security Knowledge: Deep understanding of cybersecurity principles, including authentication methods, access control mechanisms, encryption, and secure coding practices. Compliance Expertise: Knowledge of privacy regulations (e.g., GDPR, CCPA) and industry standards (e.g., ISO 27001, NIST) related to customer data protection and compliance requirements. Project Management Experience: Proven experience leading CIAM implementation projects, including requirements analysis, solution design, implementation, testing, and deployment, with strong project management skills. Leadership Abilities: Demonstrated leadership skills in managing teams, fostering a collaborative work environment, and driving initiatives to meet organizational goals. Communication Skills: Excellent verbal and written communication skills, with the ability to effectively communicate technical concepts to both technical and non-technical stakeholders. Familiar with the suite of Office products in relation to presenting ideas and documenting processes. Analytical Thinking: Strong analytical and problem-solving skills, with the ability to analyze complex issues, identify root causes, and propose effective solutions. Customer Focus: A customer-centric mindset with a focus on delivering solutions that enhance user experience while ensuring security and compliance. Adaptability: Ability to adapt to changing business requirements, technology landscapes, and security threats, with a continuous learning mindset to stay updated on industry trends and best practices. LICENSES/CERTIFICATIONS: Information Security Certification preferred: 1.CISSP (Certified Information Systems Security Professional) 2.CISM (Certified Information Security Manager) 3.Certified Internal Systems Auditor (CISA) Contact: [email protected] job and many more are available through The Judge Group. Find us on the web at www.judge.com

CompanyFederal Reserve Bank of MinneapolisThe Federal Reserve Bank of Minneapolis is looking for experienced Information Security Manager to support the Bank in its role as a Fiscal Agent for the Department of Treasury and the Bureau of the Fiscal Service. In this role, you will lead a small team of security professionals and will serve as the Information System Security Officer (ISSO) role for a cloud based financial system. In the role of an ISSO, you will ensure that all relevant IT security requirements prescribed by the Federal Reserve and Fiscal Service are implemented and maintained throughout the lifecycle of the information system. Ideal candidates will have had previous experience with NIST based information security control and risk management frameworks as well as a commitment to delivering high-quality, prompt, and efficient services to stakeholders.Must be a U.S. citizen or lawful permanent resident alien with at least three (3) years of legal residency. This position does not offer employment-based visa sponsorship. The Minneapolis Fed believes in flexibility to balance the demands of work and life while also recognizing the necessity of connecting and collaborating with our colleagues in person. Onsite work is an essential function of this position, and you are expected to be in the office two (2) days per week for meetings and team collaboration.Responsibilities: Execute the full cycle of employment matters, including but not limited to those involving hiring, retention and performance optimization, salary recommendations, and decisions related to the termination of employment, as well as the documentation of these matters. Develop and evaluate the performance of staff, which includes managing staff to identify developmental assignments and training opportunities, working with individuals on their career goals, delegating responsibilities, providing feedback, and evaluating performance on any of the preceding duties.   Establish objectives and key results for the team and adjust direction as needed to respond to organizational strategies and priorities.Serve as the principal advisor to the System Owner, Authorizing Official, and Chief Information Security Officer (CISO) on all matters (technical and otherwise) involving security of assigned system(s) and/or service(s). Ensure necessary governance documentation (e.g., business case, technical addendum, Security Impact Analysis – SIA, Classification and Determinations Memo – CDM, etc.), reviews, approvals, and agreements for system(s) and/or service(s) are in place and kept up to date.  Ensure that management, operational, and technical security controls (inherited and system specific) are managed throughout the system development life cycle.Maintain an Ongoing Authorization to Operate (ATO) for assigned system(s) or an Ongoing Authority to Use (ATU) for assigned service(s) consistent with applicable policy, standards, procedures, and guidelines.  Execute ongoing or operational information security continuous monitoring activities per defined frequency and processes to identify, report, mitigate, and manage risks to maintain the overall security posture and support ongoing authorization decisions.Ensure that all data, privacy, records management, and other applicable requirements for the protection of sensitive and mission critical information within the assigned system(s) and/or service(s) are being met and followed.                                                       Ensure security incidents are promptly reported. Perform notification for any suspected security incidents in a timely manner and assist in the investigation of incidents if requested. Ensure responses to cyber security related data calls and audit requests are completed by the specified due dates. Maintain a high level of technical, operational, and cybersecurity knowledge including completing specialized training on an annual basis.   Represent the Bank at all levels across the System including participating and/or leading security-focused workgroups at the System Level. Influence decisions and strategic initiatives through this participation and translate relevant activities into concrete action plans for the Bank. Qualifications: Bachelor’s degree in information systems, computer science, or a related field with a minimum of (8) eight years of broad technical experience, with at (5) least five years in an information security role and at least (2) two years of direct supervision and people leadership responsibilities OR Master’s degree in information systems, computer science, or a related field with a minimum of (6) eight years of broad technical experience, with at (5) least five years in an information security role and at least (2) two years of direct supervision and people leadership responsibilities.Must have knowledge of, and experience with, the NIST 800 series publications including: 800-30, 800-37, 800-53, 800-53a, 800-60.Previous experience working in Federal IT Security and/or experience performing the duties of an Information System Security Officer (ISSO) is preferred. Working knowledge and experience designing, implementing, or supporting security controls or operational security support systems.Knowledge of common threats, vulnerabilities, and exploits with equivalent understanding of mitigating controls and response techniques or processes.Experience leading or supporting development, documentation and maintenance of security policies, processes, or procedures.Working knowledge of the methodologies to conduct threat-modeling exercises on cloud-based applications and services.Working knowledge and experience with cloud architectures and shared responsibility security models, with the ability to address the unique security considerations of cloud-based applications.Working knowledge of modern development and deployment workflows with experience securing CI/CD pipelines. Excellent written and verbal communication skills with the ability to communicate information security and risk-related concepts to technical and non-technical audiences across all levels of the organization.Ability to motivate, develop and lead a diverse team through collaboration and consensus to reinforce a culture of service, accountability, and innovation. Ability to handle sensitive and confidential matters. Highly effective organization, time management, and prioritization skills with an aptitude for breaking down work into manageable parts while effectively assessing the priority and time required to complete each part.Commitment to delivering a great customer experience with a personal and professional value system consistent with the culture and values of the Bank and the Federal Reserve System. Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or other similar credentials. Additional Information:Salary Range: $135,000 - $168,749 - $202,500 Annually.Salary offer will be based on qualifications/experience of the candidate, alignment with market data, the needs of the position, our total compensation package, and internal equity.   Our total rewards program offers benefits that are the best fit for you at every stage of your career: Comprehensive healthcare options (Medical, Dental, and Vision) 401(k) match, and a fully funded pension plan Paid time off and holidays Free public transportation passes Annual educational assistance On-site fitness facility  Professional development programs, training, and conferences And more… ​Other Conditions Required:  For positions in Information Technology that support Treasury Services: The United States Treasury Department (Treasury) has imposed citizenship requirements for certain positions that support the Reserve Banks Treasury fiscal agency functions and/or spend time working on Treasury security sensitive matters. These positions have been risk rated by Treasury and incumbents must meet the corresponding citizenship requirements of the rating and provide acceptable documentation evidencing such. This Information Technology position provides access to Treasury security sensitive matters, is risk rated HIGH, and as such requires the incumbent be a U.S. citizen. The Minneapolis Fed is committed to developing a diverse workforce and providing an inclusive environment where all employees are respected and valued. We believe that we can foster development opportunities for all and reach our full potential by recognizing the unique experiences and identities of each of our colleagues. From economists to cash specialists, we work together to represent you in our economy.Full Time / Part TimeFull timeRegular / TemporaryRegularJob Exempt (Yes / No)YesJob CategoryInformation TechnologyWork ShiftFirst (United States of America)The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.Privacy Notice

The Information Systems Security Manager (ISSM) will be responsible for leading a team to execute risk management efforts against the CAO's inventory of on premise, vendor, and cloud-based systems.Key Responsibilities:Manage Information System Security Officers (ISSO) to support information technology (IT) security goals and objectives and reduce overall organizational risk.Assist in the execution and management of the Risk Management Framework (RMF) and advise ISSOs on proper application of cybersecurity policies and requirements.Assist senior management in the development and interpretation of information assurance guidelines, policies, regulations etc.Advise senior management (e.g., Chief Information Security Officer [CISO]) on risk levels and security posture.Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.Conduct independent or coordinated studies to identify, evaluate or recommend solutions to significant systems management problems that are likely to be complex and sensitive in nature.Ensure that security improvement actions are evaluated, validated, and implemented as required.Identify alternative information security strategies to address organizational security objectives.Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.Participate in information security risk assessments during the Security Assessment and Authorization process.Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.Provide quality assurance reviews of cybersecurity deliverables to ensure consistency, accuracy, and relevancy.Provide technical and procedural information system advice to risk management team.Perform quality reviews of security artifacts collected by ISSOs under their purview to ensure quality assessment and authorization (A&A) deliverables are provided.Assume ISSO responsibilities in the absence of ISSO.Ensure a record is maintained of all vulnerabilities for existing authorization boundaries.Advise ISSOs on all matters, technical and otherwise, involving the security of assigned IT systems.Maintain a working knowledge of system technology, security policies, and security safeguards.Ensure continuous monitoring of authorization boundaries and implemented security controls is followed.Provide guidance to ISSOs on mitigation actions for security control deficiencies and scan vulnerabilities for assigned IT systems.Provide role-based training for assigned ISSOs specific to their roles and responsibilities.Brief senior management on the status of ISSOs and their assigned projects.Work with senior leadership to mature risk management processes.Develop and formalize risk management training for varied stakeholder groups.Conduct assigned technical reviews and risk analyses and develop cybersecurity risk mitigation recommendations and strategies based on threats.Research and recommend innovative, secure, and (where possible) automated solutions to improve risk management processes and activities.Participate in the technical security evaluation and assessment of new technologies.Provide audit support to cybersecurity for audit activities and recommendations.Qualifications:8+ years of demonstrated work experience in cybersecurity risk management.Bachelor's degree in computer science, information technology, cybersecurity, or a related technical discipline required.Current certification in one or more of the following IT Security disciplines: Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) or equivalent certification required.Demonstrated experience managing systems security assessments, reviewing system security documentation for successful security authorization of such systems.Strong knowledge and expertise with NIST publications.Demonstrated experience providing quality A&A deliverables.Proven technical acumen and understanding of common operating systems and network technologies, risk management frameworks, and common security tools and scanners.Demonstrated understanding of cloud service models, hybrid applications, and mobile security technologies and tools.Understanding of management, operational and technical cybersecurity principles.Excellent written and oral communication skills.Must possess an active Secret Clearance.Preferred Qualifications:Experience with privacy principles and frameworks is preferred.

Own Your Future. Modern Technology Solutions, Inc. (MTSI) is seeking a Senior Information Systems Security Manager (Sr. ISSM) in Dayton, OH.Why is MTSI known as a Great Place to Work?Interesting Work: Our co-workers support some of the most important and critical programs to our national defense and security. Values: Our first core value is that employees come first. We challenge our co-workers to provide the highest level of support and service, and reward them with some of the best benefits in the industry. 100% Employee Ownership: we have a stake in each other's success, and the success of our customers. It's also nice to know what's going on across the company; we have company wide town-hall meetings three times a year. Great Benefits - Most Full-Time Staff Are Eligible for: Starting PTO accrual of 20 days PTO/year + 10 holidays/yearFlexible schedules6% 401k match with immediate vestingSemi-annual bonus eligibility (July and December)Company funded Employee Stock Ownership Plan (ESOP) - a separate qualified retirement accountUp to $10,000 in annual tuition reimbursementOther company funded benefits, like life and disability insuranceOptional zero deductible Blue Cross/Blue Shield health insurance planTrack Record of Success: We have grown every year since our founding in 1993Modern Technology Solutions, Inc. (MTSI) is a 100% employee-owned engineering services and solutions company that provides high-demand technical expertise in Digital Transformation, Modeling and Simulation, Rapid Capability Development, Test and Evaluation, Artificial Intelligence, Autonomy, Cybersecurity and Mission Assurance. MTSI delivers capabilities to solve problems of global importance. Founded in 1993, MTSI today has employees at over 20 offices and field sites worldwide.For more information about MTSI, please visit www.mtsi-va.com.Responsibilities:The Information Systems Security Manager (ISSM) will serve as information security professional responsible for conducting information system security engineering activities that captures and refines information security requirements and ensures the requirements are effectively integrated into information systems. The candidate shall have the necessary experience to support the customer by independently executing the following tasks: • Provide technical input, recommendations and assistance with the implementation of both higher and granular-level cyber security approaches, methods and solutions that incorporate and maintain compliance to requirements resulting from laws, regulations and other pertinent guidance. • Advise the ISO and PSO concerning the impact levels for confidentiality, integrity, and availability for the information systems. • Evaluate threats and vulnerability to information systems to ascertain the need for additional safeguards. • Review and approve information system security assessment plan which is comprised of the SSP, the SCTM, and the security control assessment procedures. • Ensure security assessments are completed for information systems. • Prepare the final Security Assessment Report (SAR) which includes assessment results and findings, at the conclusion of each security assessment activity. • Initiate a POA&M with identified weakness and suspense dates for each information system based on findings and recommendations from the sar. • Evaluate security assessment documentation and provide written recommendations for security authorization to the ao • Develop recommendation for authorization and submit the security authorization package to the ao. • Assess proposed changes to information systems, their environment of operation, and mission needs that could affect system authorization. • Provide purposeful security architecting, design, development, and configuration of information systems. • Provide inputs to development teams responsible for designing and developing organizational information systems and upgrading legacy systems. • Employ best practices when implementing security requirements for information systems including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques. • Keep abreast of current and new security technologies and threats. • Research and review proposed new systems, networks, and software designs for potential security risks and impacts; recommend mitigation, countermeasures or other options. • Identify integration issues related to the implementation of new systems within the existing infrastructure; recommend mitigation and/or resolution options.Qualifications:• Minimum of 10 years of relevant DoD work experience• No less than three (3) years' experience in a SAP and/or SCI environment within the least five (5) years• Master of Arts/Master of Science/Master of Engineering (MA/MS/ME) degree• Must possess an active top secret security clearance, current within five years, based upon a single scope background investigation (SSBI) or SSBI periodic review and be eligible for sensitive compartmented information (SCI) and special access programs (SAP) accessADDITIONAL NOTES:• Experience working with platform integrated technology (PIT) is desirable#LI-DB1

Own Your Future. Modern Technology Solutions, Inc. (MTSI) is seeking a Senior Information Systems Security Manager (Sr. ISSM) in Dayton, OH.Why is MTSI known as a Great Place to Work?Interesting Work: Our co-workers support some of the most important and critical programs to our national defense and security. Values: Our first core value is that employees come first. We challenge our co-workers to provide the highest level of support and service, and reward them with some of the best benefits in the industry. 100% Employee Ownership: we have a stake in each other's success, and the success of our customers. It's also nice to know what's going on across the company; we have company wide town-hall meetings three times a year. Great Benefits - Most Full-Time Staff Are Eligible for: Starting PTO accrual of 20 days PTO/year + 10 holidays/yearFlexible schedules6% 401k match with immediate vestingSemi-annual bonus eligibility (July and December)Company funded Employee Stock Ownership Plan (ESOP) - a separate qualified retirement accountUp to $10,000 in annual tuition reimbursementOther company funded benefits, like life and disability insuranceOptional zero deductible Blue Cross/Blue Shield health insurance planTrack Record of Success: We have grown every year since our founding in 1993Modern Technology Solutions, Inc. (MTSI) is a 100% employee-owned engineering services and solutions company that provides high-demand technical expertise in Digital Transformation, Modeling and Simulation, Rapid Capability Development, Test and Evaluation, Artificial Intelligence, Autonomy, Cybersecurity and Mission Assurance. MTSI delivers capabilities to solve problems of global importance. Founded in 1993, MTSI today has employees at over 20 offices and field sites worldwide.For more information about MTSI, please visit www.mtsi-va.com.Responsibilities:The Information Systems Security Manager (ISSM) will serve as information security professional responsible for conducting information system security engineering activities that captures and refines information security requirements and ensures the requirements are effectively integrated into information systems. The candidate shall have the necessary experience to support the customer by independently executing the following tasks: • Provide technical input, recommendations and assistance with the implementation of both higher and granular-level cyber security approaches, methods and solutions that incorporate and maintain compliance to requirements resulting from laws, regulations and other pertinent guidance. • Advise the ISO and PSO concerning the impact levels for confidentiality, integrity, and availability for the information systems. • Evaluate threats and vulnerability to information systems to ascertain the need for additional safeguards. • Review and approve information system security assessment plan which is comprised of the SSP, the SCTM, and the security control assessment procedures. • Ensure security assessments are completed for information systems. • Prepare the final Security Assessment Report (SAR) which includes assessment results and findings, at the conclusion of each security assessment activity. • Initiate a POA&M with identified weakness and suspense dates for each information system based on findings and recommendations from the sar. • Evaluate security assessment documentation and provide written recommendations for security authorization to the ao • Develop recommendation for authorization and submit the security authorization package to the ao. • Assess proposed changes to information systems, their environment of operation, and mission needs that could affect system authorization. • Provide purposeful security architecting, design, development, and configuration of information systems. • Provide inputs to development teams responsible for designing and developing organizational information systems and upgrading legacy systems. • Employ best practices when implementing security requirements for information systems including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques. • Keep abreast of current and new security technologies and threats. • Research and review proposed new systems, networks, and software designs for potential security risks and impacts; recommend mitigation, countermeasures or other options. • Identify integration issues related to the implementation of new systems within the existing infrastructure; recommend mitigation and/or resolution options.Qualifications:• Minimum of 10 years of relevant DoD work experience• No less than three (3) years' experience in a SAP and/or SCI environment within the least five (5) years• Master of Arts/Master of Science/Master of Engineering (MA/MS/ME) degree• Must possess an active top secret security clearance, current within five years, based upon a single scope background investigation (SSBI) or SSBI periodic review and be eligible for sensitive compartmented information (SCI) and special access programs (SAP) accessADDITIONAL NOTES:• Experience working with platform integrated technology (PIT) is desirable#LI-DB1