About the Opportunity:
The Information Systems Security Manager (ISSM) position at KRI, LLC provides an excellent and unique opportunity for an ISSM professional to function in an academic and research-driven environment. The ISSM provides direct support to classified program requirements and the unclassified, controlled unclassified information (CUI) program. This is a very hands-on role which encompasses establishing and administering KRI classified accredited automated information systems and the KRI unclassified facility network. The position requires a logical and structured approach to troubleshooting and decision making with an emphasis on providing superior customer service and security.
The Information Systems Security Manager will serve as the point of contact for all local technical and Information Assurance (IA) matters for assigned systems and areas and will provide subject matter expertise to personnel at the KRI site as well as other Northeastern affiliates on the Burlington campus, Boston campus, and satellite campuses as they are set up. The successful candidate will ensure KRI adherence to the guidance and requirements of the NISPOM (including Chapter 8), the DAAPM, DCID 6/3, ICD 503 and associated NIST publications, as well as specific customer/contract-imposed IA directives.
This position is located on Northeastern University’s Innovation Campus at Burlington, MA with travel to the Boston campus, and travel elsewhere as satellite locations are brought onboard. The position is with KRI, LLC, which is a wholly owned subsidiary of Northeastern University, and will report to the KRI LLC FSO. Close partnership with, and support of the KRI Program Management Office for DoD contracts is required. Additionally, the position will work closely with the university Information Technology Systems Office and the university Compliance Office.
- Self-inspections on IS assets
- Audit trail reviews
- Anti-virus updates
- System backups
- Operating system and applications programs updates
- Configuration management changes
- IS security education and awareness training
- Integral member of the team responding to any network incident pursuant to the Incident Response Plan
- Maintain and audit the KRI unclassified facility network in conformance with the published Electronic Communications Plan (ECP)
- CMMC policy documents
- Individual accredited classified government computer systems
- IA program at KRI including Risk Management Framework (RMF) of Information Systems (IS)
- Document preparation
- System configuration/hardening
- Configuration management
- Certification testing and submission in eMASS
- Bachelor’s Degree with a concentration in Computer Science or equivalent preferred with a minimum of 4-6 years’ experience in a related field
- Must be a US Citizen holding active DoD Secret level security clearance with the ability and qualifications to obtain and maintain a DoD Top Secret clearance and additional security accesses
- Experience working with and supporting SIPRNet and JWICS
- Translate operational requirements into technical requirements and architectures needed to meet program objectives
- DoD 8570.1M certified consistent with IAT Level III requirements. Experience working with network equipment and mixed network environments/configuration.
- Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
- Experience with auditing and certifying compliance of various systems (Windows, Linux, Network Devices and peripherals).
- Experience with the preparation of Risk Management Framework (RMF) documents and procedures
- Experience with development and delivery of IA-related briefings and training material.
- Experience with compliance and vulnerability scanning tools (Nessus, SCAP, ACAS, SCC).
- Experience with conducting all aspects of a self-inspection
- Experience with DCSA Risk Management Framework (RMF)
- Experience writing System Security Plans and supporting documents for submission in eMASS
- Understanding of NIST 800-171
- Understanding of CMMC requirements
- Experience monitoring various SIEMs
- Requires a logical and structured approach to troubleshooting and decision making with an emphasis on superior customer service and security.
- Required experience hardening automated information systems to meet DoD requirements for Windows and Linux systems.
- Must have ability to convey complex technical concepts in understandable business terms and demonstrate the ability to work both independently and as part of a cohesive cross-functional team.
- Knowledge and experience with various operating systems to include Windows Server, Windows 7 Professional/Enterprise, Linux and Unix.
- Experience with CCRI preparation
- Familiarity with service desk applications and/or incident management environments
- Audio Visual skills
- Experience with DAAPM and the Risk Management Framework