ODNI Information Systems Security Manager (ISSM)

Full Job Description

The Intelligence Community (IC) Chief Information Office (CIO) is responsible for advancing the Intelligence Community's mission by driving secure collaboration, integration, and information sharing; identifying and addressing information enterprise risks; and providing strategic leadership and oversight of the IC's enterprise architecture and enterprise information technology.

Mandatory Requirements: Familiarity of ODNI's information technology infrastructure including operating systems, major application systems, and network architecture.

Familiarity of ODNI's information technology security environment, business requirements, and risks.

Familiarity of ODNI's INFOSEC policies, procedures, and practices, as well as the implications of those policies on component Information Technology (IT) systems and security issues.

Expert program management, analytic, and critical thinking skills, including a superior ability to conduct INFOSEC program assessments, identify needs and requirements, and develop process improvement recommendations for the successful implementation of ODNI's INFOSEC programs.

Superior ability to communicate, both verbally and in writing, complex information in a clear, concise manner that is targeted to and meets the needs of diverse audiences with different perspectives and objectives.

Superior ability to work effectively both independently and in a team or collaborative environment, mentor junior colleagues, and utilize strong organizational and interpersonal problem-solving skills.

Superior ability to establish regular contact with high-level internal and external resources and customers, supplying or seeking information on security programs and issues; superior use of tact when expressing ideas or opinions to senior leaders, customers, contractors, and other stakeholders.

Superior ability to listen to, clarify, and convey an understanding of others' ideas, comments, and questions, and integrate and build upon diverse opinions in a manner that encourages the formation of integrated solutions and positions.

Must have a degree in cybersecurity, computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.

Desired Requirements: Minimum of five (5) years of specialized experience.

IT related experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT Certification).

IT- related experience demonstrating each of the four competencies (Attention to Detail, Customer Service, Oral Communication, and Problem Solving).

CISM, CASP/SEC+, CISA, CISSP and/or CCNA/CCNP or the ability to obtain within 1 year of assignment. Major Duties:

Major Duties and Responsibilities: Serve as an expert an Information Systems Security Manager (ISSM) within Office of Director of National Intelligence (ODNI), leading staff responsible for the strategic planning and management of Information Security (INFOSEC) programs and activities.

Lead, guide, and oversee professional staff responsible for developing, implementing, and maintaining INFOSEC programs within ODNI; review, approve, and develop security plans for ODNI and develop security measures to safeguard information against unauthorized modification, destruction, or disclosure.

Provide expert direction and guidance to ensure that information systems that are developed, deployed, operated, implemented, and supported in a manner consistent with INFOSEC policies and procedures.

Lead the planning, development, and implementation of ODNI's security processes to ensure they operate effectively and are compliant with the Federal Information Systems Security Management Act (FISMA) and other relevant policies, guidelines, and procedures.

Lead the development, and implementation of ODNI's security policy and technical requirements for system design and operations; serve as an information security expert and consultant for both internal ODNI components and Intelligence Community (IC) stakeholders.

Define and develop information security requirements and engineering solutions for new systems and guide the definition and review of system security plans.

Represent ODNI's position on key information security issues and advocate on the behalf of the ODNI at IC-wide INFOSEC forums (i.e., the Information Security Program Council (IPC)) and other critical collaborative security specific forums.

Collaborate directly with senior security managers charged with developing security guidelines for the IC.

Lead, cultivate, and maintain productive working relationships with security colleagues, counterparts, and ODNI senior leadership to share information of interest, explain the specifics of security programs and procedures, and, when appropriate, present, justify, defend, negotiate, and/or settle matters involving significant or controversial issues.

Develop and implement ODNI's security policy and technical requirements for system design and operations; provide preliminary information security advice and recommendations to both internal ODNI components and Intelligence Community (IC) stakeholders.

Develop information security requirements and engineering solutions for new systems, review system security plans, and make improvement recommendations.

Provide support to senior ISSMs and/or CSG Division Chiefs charged with developing security guidelines for the IC and ensuring that security processes are compliant with appropriate federal requirements.

Maintain productive working relationships with security colleagues, counterparts, and ODNI senior leadership to share information of interest and explain the specifics of security programs and procedures.

Lead a team of professional staff and assess performance, collaborate and oversee goal setting, and provide feedback on personal development.

Demonstrated knowledge of NIST 800-37 Risk Management Framework. Demonstrated knowledge of NIST SP 800-39 Managing Information Security Risk.

Demonstrated knowledge of NIST 800-53 and/or CNSS 1253 Security Controls.