Information Systems Security Manager with Security Clearance

---

Job description

Overview BigBear.ai is seeking a Information Systems Security Manager. This role is responsible for the cybersecurity of a program, organization, system, or enclave. As the Information Systems Security Manager (ISSM), this role is responsible for the cybersecurity of a program, organization, system, or enclave and will report directly to the BigBear.ai Chief Information Security Officer (CISO) Onsite 2-5 days a week in Chantilly, VA. The amount of days onsite will vary depending on the week. What you will do Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk. Advise senior management (e.g., CISO, CIO) on risk levels and security posture. Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture. Collect and maintain data needed to meet system cybersecurity reporting. Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders for the relevant enclave(s). Ensure that security improvement actions are evaluated, validated, and implemented as required. Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment. Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s). Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed. Identify alternative information security strategies to address organizational security objective. Identify information technology (IT) security program implications of new technologies or technology upgrades. Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program. Manage the monitoring of information security data sources to maintain organizational situational awareness. Oversee the information security training and awareness program. Participate in an information security risk assessment during the Security Assessment and Authorization process. Participate in the development or modification of the computer environment cybersecurity program plans and requirements. Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations. Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents. Recognize a possible security violation and take appropriate action to report the incident, as required. Recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements. Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered. Track audit findings and recommendations to ensure that appropriate mitigation actions are taken. Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals. Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies. Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle. Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals. Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs). Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance. What you need to have Bachelor's Degree and 2 to 5 years of experience; or Master's Degree and 0 to 3 years of experience; or in lieu of a degree, 8 to 10 years additional experience Clearance: must possess and maintain an active Top Secret clearance Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures. Experience working with NIST 800-53 and NIST RMF Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for national security systems. Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). Knowledge of measures or indicators of system performance and availability Skill in creating policies that reflect system security objectives. Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. Knowledge of new and emerging information technology (IT) and cybersecurity technologies. Knowledge of current and emerging threats/threat vectors. Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins). Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). Understanding of threats to Cleared facilities Understanding of Safeguarding and Handling Procedures for classified information Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities. Knowledge of penetration testing principles, tools, and techniques. Understanding of Continuous Security Monitoring What we'd like you to have TOP SECRET/SCI with poly Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. Knowledge of network traffic analysis methods. Knowledge of server and client operating systems. Knowledge of the organization's enterprise information technology (IT) goals and objectives. Experience implementing DISA STIGs Experience working as an ISSM for a federal contract About BigBear.ai BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on BigBear.ai's predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in Columbia, Maryland, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit and follow BigBear.ai on and

<!– job description page –>