As the ISSM at Loft Federal, you will be responsible for managing governance, risk, and compliance, and information assurance on our networks and assuring the cybersecurity of each of our programs. The ideal candidate will bring an excitement for establishing and accrediting our information systems for the U.S. Government work and a passion for managing and maintaining those information systems. We are looking for a person who can put on a strategic hat one day, helping us develop our future infrastructure goals, and put on the tactical hat the next to assure controls are well applied across a complicated information landscape.

Mission Objectives

• Develop, maintain, and oversee the cybersecurity of Loft Federal and all of our programs.
• Perform auditing of information systems, including monitoring and recognizing non-compliance, suspicious and anomalous activity (i.e. threats), and reporting such activity to appropriate parties.
• Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the security plan.
• Document compliance actions within the approved automated compliance tracking system or develop a plan of actions and milestones (POA&M) to address non- compliance in accordance with the Continuous Monitoring Strategy.
• Assist in investigations of computer security violations and incidents, reporting as necessary to the appropriate parties.
• Monitor and correlate data (e.g. logs, events, activity, etc.) from a variety of sources (e.g. Splunk, Trellix, Nessus, etc.) to identify and mitigate threats, vulnerabilities, and non-compliance.
• Participate in threat, vulnerability, and risk assessments to implement effective security change across the business.

Mission Mandates

• Active DoD Secret clearance is required.
• The ability to obtain and maintain a Top Secret / Sensitive Compartmented Information (TS/SCI) clearance is required.
• Preference will be given to candidates with a DoD or Intelligence Community Top Secret background investigation with at least 3 years of eligibility remaining or CE status; and SCI eligibility with current experience in SCI programs, other control systems, and/or Special Access Programs

Mission Credentials

• Bachelors or Masters degree in Information Technology or a related field.
• Qualified to be an ISSM iaw DoDM 8570.01/DoDM 8140.03
• Experience with NIST 800-37, 800-53
• IAT Level II Certification: Security+ CE, CCNA Security
• CASP+, CISSP, or CISM certification
• Strong knowledge of industry security policies and regulations, including NIST 800-53, FISMA, STIG.
• Experience developing security documentation, including System Security Plans (SSPs), Standard Operating Procedures (SOPs), Plans of Actions and Milestones (POA&Ms), Remediation Plans, and Configuration Management Plans.
• Experience with providing network, system administration, or computer operations support.
• Strong leadership and communication skills.
• Demonstrated problem-solving and analytical abilities.
• Familiarity with current cybersecurity threats and mitigation strategies.
• Ability to work collaboratively with cross-functional teams.