Corporate Information System Security Manager (ISSM)

Job Description

Job Description

Corporate Information System Security Manager (ISSM)

Company Overview:

KODA is a people-first company and a three-time Fortune Best Workplace® , Great Place to Work® certified, a Best Place for Working Parents® , and a seven-time Huntsville Best Places to Work® winner.

We're a small business making a big impact on national-priority missions in missile defense, hypersonics, DoD space, and civil space . At KODA, you'll find:

• Competitive pay & great benefits
• Career growth & professional development
• A culture of trust, integrity, and teamwork

The name KODA , meaning "allies," reflects our commitment to our people, our customers, and our community. Join us and build a career that matters!

Position Overview:

KODA Technologies Inc. is seeking a full-time Corporate Information System Security Manager (ISSM) to oversee the implementation and continuous monitoring of the Risk Management Framework (RMF) and Cybersecurity Maturity Model Certification (CMMC) of KODA's Classified Information System and Corporate Information System.

Duties/Responsibilities:

• Oversee and manage the risk posture of the KODA classified AIS in accordance with the NIST 800-37 Risk Management Framework (RMF) process, working directly with Defense Counterintelligence & Security Agency (DCSA) Information System Security Professional (ISSP) to develop and implement the required strategy utilizing NIST 800-53 to accomplish KODA's missions.
• Maintain and monitor KODA's Cybersecurity Maturity Model Certification (CMMC) Level 2 certification in accordance with NIST 800-171 and DFARS 252.204-7012.
• Chair KODA's RMF and CMMC Configuration Control Boards (CCB) and make risk determinations supporting KODA's current risk posture as defined by current authorizations.
• Maintain KODA's RMF and CMMC Continuous Monitoring (ConMon) Plans to maintain system accreditation compliance.
• Develop and implement Plan of Action & Milestones (POA&M).
• Work collaboratively with System Administrators to conduct Cyber Security (CS) Risk Assessment Reports (RAR) to develop mitigation, remediation, and monitoring strategies in compliance with National Industrial Security Program Operating Manual (NISPOM, 32 CFR, Part 117) and DCSA Assessment and Authorization Guide (DAAG).
• Implement all applicable controls associated with obtaining and maintaining RMF Authorities to Operate (ATO) IAW NIST 800-37.
• Manage and report DCSA required RMF efforts to DCSA Information Systems Security Professional (ISSP) and Security Control Assessor (SCA).
• Provide recommendations to the Senior Information Systems Officer (SISO), associated project Team Leads, and Facility Security Officer (FSO) for process enhancements for DCSA-accredited IS.
• Assist the SISO and FSO in the effective implementation, assessment, improvement, and management of the KODA Security Program.
• Act as the liaison between KODA Leadership and the corporate IT and Cybersecurity Managed Service Providers regarding vulnerability scanning, mitigations, risk acceptance and overall system security posture.
• Support KODA's oversight and performance of other corporate computing efforts as needed, including monitoring of Help Desk ticket status, new hire IT onboarding, system administration, and inventory of KODA and government-furnished property.

Requirements:

• Two-year or Four-year degree in Computer Engineering, Computer Science, Information Systems Security/Assurance, or related field.
• 4+ years of ISSO experience or 2+ years of ISSM experience.
• 4+ years of Microsoft operating systems administration experience.
• 2+ years of experience with Assessment & Authorization (A&A) responsibilities, including ISSO, ISSM, policy development, control testing, POA&M management, and configuration management.
• Ability to obtain and maintain DoD 8140 IAM II certification
• Experience with working with DoD tools, including Enterprise Mission Assurance Support Service (eMASS), SCAP, DISA STIGs and other monitoring tools.
• Experience with performing cybersecurity compliance standards, including NIST Controls and DISA STIGS.
• Experience with Systems Administration, Information Systems Auditing, Data Security Analysis and/or Network Administration.
• Experience with Microsoft Office products.
• Strong organizational, analytical, and problem-solving skills.
• Solid communication skills, both in written, verbal, and interpersonal skills.
• Ability to self-prioritize tasking and work multiple projects in tandem while meeting mission objectives and strict timelines.
• Ability to develop and maintain effective working relationships across the organization.
• Willingness to jump in and support various diverse IT-related tasks when needed to support the mission.

Clearance:

• Active Secret Clearance

KODA Technologies Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, gender identity, sexual orientation, pregnancy, status as a parent, national origin, disability (physical or mental), family medical history or genetic information, political affiliation, military service, or other non-merit based factors. If you are unable to complete this application due to a disability, contact [email protected] to ask for an accommodation or an alternative application process.