Vencore is a proven provider of information solutions, engineering and analytics for the U.S. Government. With more than 40 years of experience working in the defense, civilian and intelligence communities, Vencore designs, develops and delivers high impact, mission-critical services and solutions to overcome its customers most complex problems.
Headquartered in Chantilly, Virginia, Vencore employs 3,800 engineers, analysts, IT specialists and other professionals who strive to be the best at everything they do.
Vencore is an AA/EEO Employer - Minorities/Women/Veterans/Disabled and other protected categories
The ISSM serves as the focal point and principal advisor for information system security (INFOSEC) matters for Vencore/Analex. This includes responsibility for the development, implementation, and evaluation of the overall INFOSEC program at Vencore/Analex; ensures that projects are conducted according to the required security guidelines; monitors and verifies that appropriate security procedures are conducted and documented for all activities; assumes responsibilities of the Information System Security Officers (ISSO) when required; and coordinates regularly with other ISSOs and System Administrators of specific classified projects to ensure compliance with security policies and procedures.
Specific, but not all responsibilities of this position are defined in following two documents:
1. Chapter 8 of the National Industrial Security Program: Operating Manual, DOD 5220.22-M, 2006 revision, 8-103 and 8-104 (see Attachment 1).
2. Intelligence Community Directive 503, 15 Sept. 2008
The Information System Security Manager (ISSM) is responsible for the administration and coordination of information systems used for DoD or other industrial security programs and activities to ensure compliance with government and company security policies and procedures.
• As a member of the Security team, establish, manage and administer systems in Closed, Restricted, SCIF and SAPF areas per NISPOM Chapter 8, ICD 503, JAFAN, or Risk Management Framework (RMF) guidelines.
• Prepare systems for accreditation in accordance with government standards and templates and submit as required by customer (e.g., OBMS, XACTA).
• Develop and administer IT security programs and procedures for classified and proprietary materials, documents, and equipment in coordination with government agencies and management personnel.
• Review and implement federal security regulations for systems in classified spaces.
• Determine or obtain rulings, approvals, interpretations, and acceptable deviations from regulations for IS compliance with government agencies.
• Follow and enforce procedures for handling, storing, and recordkeeping, and for granting personnel and visitor access to restricted records and materials.
• Prepare and conduct IS specific security education classes and security audits.
• Works with FSOs, program managers, personnel, and government personnel to investigate security violations and prepare reports specifying what occurred and preventive and/or disciplinary action to be taken.
• Conduct security self-inspections, physical security surveys, and threat/vulnerability assessments on classified systems.
• Interface with government customers on IS security related issues.
• Ensure that classified information entrusted to the company is properly safeguarded as outlined in federal controlling instructions. Responsible for preparation and management of pre-audit activities, and interfacing with government customers (e.g., DSS and NRO) during audits.
• Support the Corporate Insider Threat Program; assist FSOs as required.
Requires 10 to 12 years with BS/BA or 8 to 10 years with MS/MA or 5 to 7 years with PhD.
**Qualifed candidates must be a U.S. Citizen, and curently hold at a minimum an ACTIVE DOD Secret clearance and must be eligible for a Top Secret U.S. Government Security Clearance with SCI (TS/SCI).**
• CISSP or other computer security certification is required. Computing Environment Certification in accordance with DoD 8570.01M must be obtained within six months of hire.
• Excellent interpersonal, oral, and written communications skills
Extensive experience in INFOSEC, current knowledge of security program requirements and security operation guidelines, a technical background, attention to detail, project management experience, and good communication and interpersonal skills are critical for this position. Understanding of system security technical issues as well as experience in Windows and Linux/UNIX Cluster administration skills, License File Maintenance and basic networking is required for this position.
*This position is based in Brook Park, OH, with an occasional trips to the Washington DC area are required as well.