Information System Security Manager (ISSM) NF5 Job in Quantico, VA

Vacancy No. 70841 Department U.S. Marine Corps
Salary $130,000.00 to $150,000.00 Grade 05 to 05
Perm/Temp Permanent FT/PT Full-time
Open Date 11/14/2024 Close Date 12/5/2024
Job Link Apply Online Who may apply Public
Locations:
Quantico, VA


Summary

Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community. We offer a team oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively.

This job is open to

Clarification from the agency

Open to Public

Duties

This position serves as the Enterprise Information System Security Manager (ISSM) for the Information Technology Directorate (MRI), NAF Business and Support Services Division (MR), Manpower and Reserve Affairs Department, Headquarters Marine Corps. The incumbent will provide guidance and direction to Information System Security Managers at the installation and project/program level to provide system security manager services to Marine Corps installations worldwide.


The Information System Security Manager (ISSM) serves within the Enterprise Cybersecurity and Compliance Office. The ISSM will serve as an advocate for all disciplines within the security program including the development and subsequent enforcement of the organization's security awareness programs, business continuity and disaster recovery plans, and all industry and governmental compliance issues. Promotes IT security awareness to the user community by validating the user community is completing annual security training. Oversees and maintains regulatory requirements and completes periodic reviews for security implications and security applications. Works closely with and receives reports from Information Systems Security Manager(s), Information Systems Security Officers (ISSO)s, and Information System Security Engineer(s).


Performs security compliance efforts IAW the Payment Card Industry (PCI), Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology Special Publication (NIST SP) 800 series, Federal Information Processing Standards (FIPS) series, and USMC related policies and procedures. Conducts comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37). Follows systematic processes to assess the ability of systems and networks to withstand exploitation by adversaries. Conducts assessments of threats and vulnerabilities, determine deviations from acceptable configurations and enterprise or local policies, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in all situations. Performs technical tests, network scans, vulnerability scans, and penetration testing to evaluate the effectiveness of systems, devices, procedures, and methods used to safeguard information in computer accessible media.


Executes established cybersecurity program objectives, policies, and procedures as they relate to NIST standards. Sustains the daily operations of the MR Cybersecurity program objectives to implement processes and procedures as they relate to DoD , DON, USMC, MCCS policy, standards, and guidelines. Provides security oversight for MR and subordinate commands to include coordinating MR security measures, conducting analysis, periodic testing, evaluation, verification, accreditation, and review of information system installations at appropriate classification levels. Focuses on content development, communications, and training program management in support of cybersecurity awareness or relevant technical subject domains. Coordinates with all departments within the Marine Corps Community Services (MCCS) and higher Marine Corps to support cybersecurity awareness initiatives. May conduct and coordinate training of personnel within pertinent cybersecurity subject domain and develop, plan, and evaluate training courses, methods, and techniques as appropriate. May be responsible for raising security awareness and facilitating improved security.


Supervises employees to include: assigning and distributing work, coaching, counseling, tutoring, and mentoring employees; approving and disapproving leave, recommending and completing personnel actions, completing performance reviews and signing timecards, training employees, keeping abreast of and actively supporting the principles of the EEO program, and prevention of sexual harassment. Must be alert to alcohol abuse, and take appropriate action. Coordinates Risk Management Framework activities for MR business lines and associate information technology systems. Ensures that development, review, endorsement, and maintenance of security compliance documentation is accomplished. Facilitates PCI inspections, pen testing, and audits from MR merchant account providers.


Occasional travel to complete work assignments, conduct training or attend conferences and meetings may be required. Performs other related duties as assigned.
This is a white-collar position where occasional lifting up to 20 lbs may be required.
Performs other duties as assigned.

Requirements

Conditions of Employment

  • See Duties and Qualifications

EVALUATIONS:

Qualifications

Bachelors' Degree in Information Technology or Business related field appropriate to the work of position AND seven years of experience performing specific tasks for Information System Security Manager (ISSM), security assessments, vulnerability management, or cybersecurity (CY): OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above, OR appropriate experience that demonstrates the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above.


Knowledge of risk management processes, secure configuration management techniques, Government laws and policies, cyber threats and vulnerabilities, encryption algorithms, host/network access control mechanisms, vulnerability information dissemination sources, Payment Card Industry (PCI) data security standards, Personally Identifiable Information (PII) data security standards, incident response and handling methodologies, intrusion detection methodologies and techniques for detecting host and network-based intrusions, and organization's risk tolerance and/or risk management approach.


Skill in applying security controls, analyzing traffic to identify network devices, conducting application vulnerability assessments, assessing security systems designs, interpreting vulnerability scanner results to identify vulnerabilities, assessing cloud security measures and microservices, preparing Test & Evaluation reports, and running Security Content Automation Protocol (SCAP) content and Security Technical Implementation Guides (STIGS) based tools for benchmark, compliance checks, and security configuration reviews.
Ability to identify systemic security issues based on the analysis of vulnerability and configuration data, apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation), conduct vulnerability scans and recognize vulnerabilities in security systems, and translate data and test results into evaluative conclusions.


As an authorized and privileged user of Department of Defense Information Systems must fulfill the requirement to complete DoD Workforce Improvement Program certification (DoD 8140.01) as a condition of access within six months of employment. This position has been determined as an advanced proficiency level.


This position had been determined as Moderate Risk. As a condition of employment, the incumbent must be able to obtain and maintain an Access National Agency Check and Inquiries (ANACI/ Tier 3) Secret Clearance to access classified information.


Eligible for incremental telework as determined by MR/MF policy.

Additional information

GENERAL INFORMATION: Applicants are assured of equal consideration regardless of race, age, color, religion, national origin, gender, GINA, political affiliation, membership or non-membership in an employee organization, marital status, physical handicap which has no bearing on the ability to perform the duties of the position. This agency provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please notify the agency. The decision on granting reasonable accommodation will be on a case-by-case basis.

It is Department of Navy (DON) policy to provide a workplace free of discrimination and retaliation. The DON No Fear Act policy link is provided for your review: https://www.donhr.navy.mil/NoFearAct.asp.

As part of the employment process, Human Resources Division may obtain a Criminal Record Check and/or an Investigative Consumer Report. Employment is contingent upon the successful completion of a National Agency Check and Inquiries (NACI). For all positions requiring access to firearms or ammunition, the Federal Government is prohibited from employing individuals in these positions who have ever been convicted of a misdemeanor crime of domestic violence, or a felony crime of domestic violence adjudged on or after 27 November 2002. Selectees for such positions must submit a completed DD Form 2760, Qualification to Possess Firearms or Ammunition, before a final job offer can be made.
Direct Deposit of total NET pay is mandatory as a condition of employment for all appointments to positions within MCCS.
Required Documents:
           *Education/certification certificate(s), if applicable.
           *If prior military, DD214 Member Copy
This activity is a Drug-free workplace. The use of illegal drugs by NAF employees, whether on or off duty, cannot and will not be tolerated. Federal employees have a right to a safe and secure workplace, and Marines, sailors, and their family members have a right to a reliable and productive Federal workforce.
Involuntarily separated members of the armed forces and eligible family members applying through the Transition Assistance Program must submit a written request/statement (may be obtained from the MCCS Human Resources Office) and present ID card with "TA" stamped in red on front of card.
INDIVIDUALS SELECTED FROM THIS ANNOUNCEMENT MAY BE CHANGED TO PART-TIME OR FULL-TIME AT MANAGEMENT'S DISCRETION WITHOUT FURTHER COMPETITION.
ALL ONLINE APPLICATIONS MUST BE RECEIVED BY 1159PM EASTERN TIME (ET) ON THE CLOSING DATE LISTED IN THE JOB POSTING.

Benefits

A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Opens in a new windowLearn more about federal benefits.

The Federal government offers a number of exceptional benefits to its employees. Benefits you get to enjoy while working at MCCS include but are not limited to:

•      Stability of Federal Civilian Service

•      People with passion for doing work that matters

•      Quality of Work Life Balance

•      Competitive Pay

•      Comprehensive Benefit Packages

•      Marine Corps Exchange and Base Facility Privileges

Review our benefits

Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.

How You Will Be Evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Your application/resume and supporting documentation will be used to determine whether you meet the job qualifications listed on this announcement. This vacancy will be filled by the best qualified applicant as determined by the selecting official.

Required Documents

Varies - Review "OTHER INFORMATION"

If you are relying on your education to meet qualification requirements:

Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.

Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.

How to Apply

All applications must be submitted online via the MCCS Careers website:

Resumes/applications emailed or mailed will not be considered for this vacancy announcement.   Resumes submitted with pictures will not be considered. To be considered for employment, the application or resume must be submitted online by 11:59 PM (ET) on the closing date of the announcement.

Note: To check the status of your application or return to a previous or incomplete application, log into your MCCS user account and review your application status.

Agency contact information

BUSINESS AND SUPPORT SERVICES
Address
BUSINESS AND SUPPORT SERVICES
DIVISION
3044 CATLIN AVE
QUANTICO, VA 22134-5003
USA
Learn more about this agency

Next steps

All applicants who submit an application via our Careers page at https://careers.usmc-mccs.org will be able to view their application status online.


Note: We cannot accept applications on behalf of Federal Agencies. Application instructions are listed within the Job Description.