Founded in 2009, RSC2, Inc. is a Small Business Administration (SBA) Certified HUBZone Professional Services company headquartered in Baltimore, Maryland. RSC2 provides breakthrough expertise, support services, and technologies to make operations, programs and systems of record perform better. Our professional staff is trained to provide world-class services to all types of customers. We uphold the integrity and quality of our work so you can expect only the best from us.

RSC2 is looking for an Information Systems Security Manager (ISSM) to join our growing team! This individual will be supporting the 4th Medical Group on-site at Seymour Johnson Air Force Base in Goldsboro, NC.

Responsibilities:
Support necessary compliance activities (e.g., ensure system security configuration guidelines are followed, compliance monitoring occurs).
Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
Advise senior management (e.g., CIO) on risk levels and security posture.
Advise appropriate senior leadership or Authorizing Official of changes affecting the organization’s cybersecurity posture.
Collect and maintain data needed to meet system cybersecurity reporting.
Communicate the value of information technology (IT) security to stakeholders at all levels of the organization.
Ensure security improvement actions are evaluated, validated, and implemented as required.
Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
Identify alternative information security strategies to address organizational security objectives.
Identify information technology (IT) security program implications of new technologies or technology upgrades.
Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program.
Manage the monitoring of information security data sources to maintain organizational situational awareness.
Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle.
Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization’s mission and goals.
Minimum Secret Clearance
Skilled in relating policies that reflect system security objectives and determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Knowledge of Personally Identifiable Information (PII) data security standards.
IAT III, CISSP is preferred, but IAT Level II, SEC+, would be required within 90 days of placement into this position.
Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.
Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.
Knowledge of penetration testing principles, tools, and techniques.
Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
Knowledge of risk management processes and requirements per the Risk Management Framework (RMF).
Work Location: Goldsboro, NC
Employment Type: Full-time, Salary-Exempt
Benefits Package: We offer a top tier benefits package which includes medical, dental, vision, PTO, employer matching retirement plan, and more!

We are an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected characteristic. The "EEO is the Law" poster is available here.