Information Systems Security Manager

- Act as the primary advisor on all matters related to information systems security, operating at an organizational level with significant strategic responsibilities. - Collaborate and engage with relevant stakeholders throughout all phases of the NIST RMF framework to attain and sustain Authority to Operate (ATO). - Design, implement, and uphold the overall information security program for assigned systems and networks. - Drive the consolidation and standardization of squadron ATO efforts to enhance operational performance. - Work closely with other Information Assurance personnel to gain a comprehensive understanding of their ATO systems and solicit feedback for enhancements. - Develop and execute solutions and guidance that standardize, streamline, and optimize squadron ATO processes. - Collaborate with third-party vendors under government contracts to meet the criteria necessary for ATO modernization goals. - Ensure security policies, standards, and procedures align with federal mandates such as FISMA and NIST frameworks, as well as DoD and Air Force cybersecurity directives. - Oversee risk management programs, compliance activities, and security awareness training initiatives. - Serve as the authority on securing a complex and diverse array of systems, including elements of radio frequency (RF) subsystems, SATCOMs, range instrumentation systems, radars, telemetry, and traditional IT infrastructure that may involve special access programs (SAP). - Formulate, implement, and maintain comprehensive security plans, policies, and procedures that comply with all applicable federal requirements, such as FISMA, NIST frameworks, DoD, and Air Force cybersecurity directives. - Coordinate risk management programs, assessing threats, vulnerabilities, and potential impacts on the organization’s information systems portfolio, ensuring compliance with relevant Security Classification Guides (SCGs). - Collaborate and consult with Authorizing Officials and their representatives to facilitate external audits or assessments. - Translate complex security requirements into clear, actionable guidance for implementation teams. - Ensure adherence to established protocols for user access, system accreditation/certification, hardware/software usage, incident response, documentation maintenance, system lifecycle security, audit trails, user authentication, and implementation of security safeguards. - Supervise the deployment of security controls at new sites, ensuring that physical cybersecurity considerations are incorporated from the outset, including access controls, surveillance systems, and environmental protections. - Implement and manage continuous monitoring programs to enforce and continually assess the security performance parameters of systems under ATO. - Provide expert guidance to software development teams to create and maintain a secure software development framework that addresses secure coding practices, cryptographic implementation, security testing methodologies, vulnerability management, and incident response.