Be an Early Applicant
Ignite innovation from within and deliver leading-edge solutions.
The Role
The Information Systems Security Manager (ISSM) leads a team in risk management for IT systems, advises on cybersecurity posture, and manages compliance and authorization processes.
Summary Generated by Built In
Business Technology Integrators (BTI) is seeking an Information Systems Security Manager (ISSM) to lead a team in executing risk management efforts against our customer's inventory of on premise, vendor and cloud-based systems.
The successful candidate will provide support in the following areas:
• Manage Information System Security Officers (ISSO) to support information technology (IT) security goals and objectives and reduce overall organizational risk.
• Assist in the execution and management of the House Risk Management Framework (RMF) and advises ISSOs on proper application of House cybersecurity policies and requirements.
• Assist senior management in the development and interpretation of information assurance guidelines, policies, regulations etc.
• Advise senior management (e.g., Chief Information Security Officer [CISO]) on risk levels and security posture.
• Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
• Conduct independent or coordinated studies to identify, evaluate or recommend solutions to significant systems management problems that are likely to be complex and sensitive in nature.
• Ensure that security improvement actions are evaluated, validated, and implemented as required.
• Identify alternative information security strategies to address organizational security objectives.
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Participate in information security risk assessments during the Security Assessment and Authorization process.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Provide quality assurance reviews of cybersecurity deliverables to ensure consistency, accuracy, and relevancy.
• Provide technical and procedural information system advice to risk management team.
• Perform quality reviews of security artifacts collected by ISSOs under their purview to ensure quality assessment and authorization (A&A) deliverables are provided.
• Assume ISSO responsibilities in the absence of ISSO.
• Ensure approved House procedures are followed in the implementation of security controls.
• Ensure a record is maintained of all vulnerabilities for existing authorization boundaries.
• Advise ISSOs on all matters, technical and otherwise, involving the security of assigned IT systems.
• Maintain a working knowledge of system technology, security policies, and security safeguards.
• Ensure continuous monitoring of authorization boundaries and implemented security controls is followed.
• Provide guidance to ISSOs on mitigation actions for security control deficiencies and scan vulnerabilities for assigned IT systems.
• Provide role-based training for assigned ISSOs specific to their roles and responsibilities.
• Brief senior management on the status of ISSOs and their assigned projects.
• Work with senior leadership to mature risk management processes within the House environment.
• Develop and formalize risk management training, specific to the House environment, for varied stakeholder groups.
• Conduct assigned technical reviews and risk analyses and develop cybersecurity risk mitigation recommendations and strategies based on threats.
• Research and recommend innovative, secure, and (where possible) automated solutions to improve risk management processes and activities.
• Participate in the technical security evaluation and assessment of new technologies in support of House of Representatives operations and provide supporting reviews.
• Provide audit support to cybersecurity for audit activities and recommendations.
• Perform other duties as assigned.
The successful candidate shall possess the following knowledge, skills, and abilities:
• Minimum of eight (8) years of demonstrated work experience in cybersecurity risk management.
• Demonstrated experience managing systems security assessments, reviewing system security documentation for successful security authorization of such systems.
• Strong knowledge and expertise with NIST publications.
• Demonstrated experience providing quality A&A deliverables.
• Proven technical acumen and understanding of common operating systems and network technologies, risk management frameworks, and common security tools and scanners.
• Demonstrated understanding of cloud service models, hybrid applications, and mobile security technologies and tools.
• Understanding of management, operational and technical cybersecurity principles.
• Experience with privacy principles and frameworks is preferred.
The successful candidate will provide support in the following areas:
• Manage Information System Security Officers (ISSO) to support information technology (IT) security goals and objectives and reduce overall organizational risk.
• Assist in the execution and management of the House Risk Management Framework (RMF) and advises ISSOs on proper application of House cybersecurity policies and requirements.
• Assist senior management in the development and interpretation of information assurance guidelines, policies, regulations etc.
• Advise senior management (e.g., Chief Information Security Officer [CISO]) on risk levels and security posture.
• Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
• Conduct independent or coordinated studies to identify, evaluate or recommend solutions to significant systems management problems that are likely to be complex and sensitive in nature.
• Ensure that security improvement actions are evaluated, validated, and implemented as required.
• Identify alternative information security strategies to address organizational security objectives.
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Participate in information security risk assessments during the Security Assessment and Authorization process.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Provide quality assurance reviews of cybersecurity deliverables to ensure consistency, accuracy, and relevancy.
• Provide technical and procedural information system advice to risk management team.
• Perform quality reviews of security artifacts collected by ISSOs under their purview to ensure quality assessment and authorization (A&A) deliverables are provided.
• Assume ISSO responsibilities in the absence of ISSO.
• Ensure approved House procedures are followed in the implementation of security controls.
• Ensure a record is maintained of all vulnerabilities for existing authorization boundaries.
• Advise ISSOs on all matters, technical and otherwise, involving the security of assigned IT systems.
• Maintain a working knowledge of system technology, security policies, and security safeguards.
• Ensure continuous monitoring of authorization boundaries and implemented security controls is followed.
• Provide guidance to ISSOs on mitigation actions for security control deficiencies and scan vulnerabilities for assigned IT systems.
• Provide role-based training for assigned ISSOs specific to their roles and responsibilities.
• Brief senior management on the status of ISSOs and their assigned projects.
• Work with senior leadership to mature risk management processes within the House environment.
• Develop and formalize risk management training, specific to the House environment, for varied stakeholder groups.
• Conduct assigned technical reviews and risk analyses and develop cybersecurity risk mitigation recommendations and strategies based on threats.
• Research and recommend innovative, secure, and (where possible) automated solutions to improve risk management processes and activities.
• Participate in the technical security evaluation and assessment of new technologies in support of House of Representatives operations and provide supporting reviews.
• Provide audit support to cybersecurity for audit activities and recommendations.
• Perform other duties as assigned.
The successful candidate shall possess the following knowledge, skills, and abilities:
• Minimum of eight (8) years of demonstrated work experience in cybersecurity risk management.
• Demonstrated experience managing systems security assessments, reviewing system security documentation for successful security authorization of such systems.
• Strong knowledge and expertise with NIST publications.
• Demonstrated experience providing quality A&A deliverables.
• Proven technical acumen and understanding of common operating systems and network technologies, risk management frameworks, and common security tools and scanners.
• Demonstrated understanding of cloud service models, hybrid applications, and mobile security technologies and tools.
• Understanding of management, operational and technical cybersecurity principles.
• Experience with privacy principles and frameworks is preferred.
Top Skills
Cloud Service Models
Cybersecurity Tools
Network Technologies
Nist Publications
Operating Systems
Risk Management Frameworks
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Business Technology Integrators (BTI) is a Service-Disabled Veteran-Owned Small Business (SDVOSB) whose vision is to ignite innovation from within and deliver leading-edge solutions.
At Business Technology Integrators (BTI), human capital is our most important asset. We are committed to the provision of a progressive environment where innovative, modernized, solutions are created by the best and brightest in our industry. Our team focuses on customer engagement by ensuring we deliver quality-assured results.
