Duties
This position serves as the Enterprise Information System Security Manager (ISSM) for the Information Technology Directorate (MRI), NAF Business and Support Services Division (MR), Manpower and Reserve Affairs Department, Headquarters Marine Corps. The incumbent will provide guidance and direction to Information System Security Managers at the installation and project/program level to provide system security manager services to Marine Corps installations worldwide.
The Information System Security Manager (ISSM) serves within the Enterprise Cybersecurity and Compliance Office. The ISSM will serve as an advocate for all disciplines within the security program including the development and subsequent enforcement of the organization's security awareness programs, business continuity and disaster recovery plans, and all industry and governmental compliance issues. Promotes IT security awareness to the user community by validating the user community is completing annual security training. Oversees and maintains regulatory requirements and completes periodic reviews for security implications and security applications. Works closely with and receives reports from Information Systems Security Manager(s), Information Systems Security Officers (ISSOs), and Information System Security Engineer(s).
Performs security compliance efforts IAW the Payment Card Industry (PCI), Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology Special Publication (NIST SP) 800 series, Federal Information Processing Standards (FIPS) series, and USMC related policies and procedures. Conducts comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37). Follows systematic processes to assess the ability of systems and networks to withstand exploitation by adversaries. Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations and enterprise or local policies, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in all situations. Performs technical tests, network scans, vulnerability scans, and penetration testing to evaluate the effectiveness of systems, devices, procedures, and methods used to safeguard information in computer accessible media.
Executes established cybersecurity program objectives, policies, and procedures as they relate to NIST standards. Sustains the daily operations of the MR Cybersecurity program objectives to implement processes and procedures as they relate to DoD, DON, USMC, MCCS policy, standards, and guidelines. Provides security oversight for MR and subordinate commands to include coordinating MR security measures, conducting analysis, periodic testing, evaluation, verification, accreditation, and review of information system installations at appropriate classification levels. Focuses on content development, communications, and training program management in support of cybersecurity awareness or relevant technical subject domains. Coordinates with all departments within the Marine Corps Community Services (MCCS) and higher Marine Corps to support cybersecurity awareness initiatives. May conduct and coordinate training of personnel within pertinent cybersecurity subject domain and develop, plan, and evaluate training courses, methods, and techniques as appropriate. May be responsible for raising security awareness and facilitating improved security.
Supervises employees to include: assigning and distributing work, coaching, counseling, tutoring, and mentoring employees; approving and disapproving leave, recommending and completing personnel actions, completing performance reviews and signing timecards, training employees, keeping abreast of and actively supporting the principles of the EEO program, and prevention of sexual harassment. Must be alert to alcohol abuse, and take appropriate action. Coordinates Risk Management Framework activities for MR business lines and associated information technology systems. Ensures that development, review, endorsement, and maintenance of security compliance documentation is accomplished. Facilitates PCI inspections, pen testing, and audits from MR merchant account providers.
Occasional travel to complete work assignments, conduct training or attend conferences and meetings may be required. Performs other related duties as assigned.
This is a white-collar position where occasional lifting up to 20 lbs may be required.
Performs other duties as assigned.