MIT Lincoln Laboratory Information Systems Security Manager - Special Programs in Lexington, Massachusetts
Security Services Department
The Security Services Department's overall mission is to ensure a safe and secure environment and protect MIT Lincoln Laboratory at all facilities in which staff members perform their mission of research and development. To accomplish this mission, this department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage; and safeguards personnel, classified and unclassified information systems, personally identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies.
The Information Systems Security Manager (ISSM) – IT IC Level 4 will provide expert management of all information security support to several independent Laboratory programs assigned. The successful candidate will work independently and as a team member, must be a quick learner, self-motivated, reliable, and able to balance multiple tasks simultaneously. Candidate must have strong interpersonal skills and be able to manage stress in a professional manner. Candidate must be knowledgeable in computer security principles and policies, including Security Technical Implementation Guides (STIGs), National Industrial Security Program Operating Manual (NISPOM), NIST 800-53 / Risk Management Framework (RMF), Joint SAP Implementation Guide (JSIG), Intelligence Community Directive (ICD) 503, and Joint Air Force, Army, Navy (JAFAN) 6/3.
The ISSM will be the primary focal point and have an in-depth knowledge of computer security principles, practices, and procedures in order to execute a comprehensive Information Security program to meet both internal and external requirements. The ISSM will apply security controls based on NIST 800-53 and Risk Management Framework guidelines that protect classified computer systems in a heterogeneous computer environment which could consist of any variation of Linux, Unix, Sun, Mac, or Windows systems. The ISSM will lead and manage daily responsibilities of assigned Information Systems Security Officers (ISSO). The ISSM will develop and maintain multiple System Security Plans (SSP) based on the Joint SAP Implementation Guide, ensuring systems are operated, maintained, and disposed of according to the approved SSP. The ISSM will conduct security compliance audits and perform security vulnerability assessments on Laboratory information systems. The ISSM will establish and maintain configuration management policies and procedures. The ISSM will ensure users and ISSOs are subject to an effective information security education, training, and awareness program. The ISSM will facilitate assessment and authorization of new and existing systems. The ISSM will be able to implement and test IT security policies/procedures as part of a fully integrated IT security program. The ISSM will coordinate and participate in the investigation and mitigation of information system adverse incidents. The ISSM will assume ISSO responsibilities in the absence of the ISSO and must be able to respond to off-hour emergencies as needed. Must have demonstrated ability to follow up and solve problems. Position requires some local and overnight travel.
MS degree in Computer Science, Information Technology, Computer Information Systems, or related field required with a minimum of seven (7) years’ experience within Special Access and Sensitive Compartmented Information Programs.
Demonstrated capabilities in leading cross-functional teams and presenting ideas in writing and orally within a collaborative team environment are required.
Technical experience and skills, course work completed towards a degree, and industry IT certifications may be considered substitutes for education requirements.
Ability to achieve DoD 8570 IAM Level III Baseline Certification within 6 months of appointment; preferably candidate possesses ISC2 CISSP.
Technical experience and skill securing operating systems such as Linux, Windows Server/client OS, virtualization technologies, and applying encryption standards.
Experience using vulnerability scanning tools such as NESSUS, SCAP, RETINA, SECSCN, WASSP.
Experience using audit reduction tools and endpoint security products.
In-depth working experience directly related to assessment and authorization using any of the following:
NIST SP 800-37 / Risk Management Framework (RMF)
Joint SAP Implementation Guide (JSIG)
Intelligence Community Directive (ICD) 503
National Industrial Security Program Operating Manual (NISPOM) Chapter 8
Joint Air Force, Army, Navy (JAFAN) 6/3
Exceptional written and verbal communication skills.
Prior experience in working in a collaborative team environment desired.
The selected candidate will be subject to a pre-employment background investigation and must possess a current, in-scope Top Secret level security clearance with compartmented program eligibility.
For Benefits Information, click http://hrweb.mit.edu/benefits
MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.