Information Systems Security Manager

Seemann Composites, LLC was founded on its research and development with composite fabrication processes and revolutionized the composites industry with the invention of SCRIMP (Resin Infusion Molding Process). Patented for 30+ years, SCRIMP continues to be the manufacturing approach for a large assortment of products developed by our team. We are recognized as a world leader in composites manufacturing, providing state of the art composite and polymer solutions. As a critical supplier to the United States Navy, we develop and manufacture specialized products in support of the submarine fleet programs as well as new construction and fleet maintenance.

Seemann Composites is an agile small/medium size company with the flexibility to react quickly to customer needs and unencumbered by large corporate structure when making strategic business and technical moves. Our engineers participate in product development from beginning to delivery, in a truly unique multifaceted workplace environment. Seemann Composites is AS9100 Quality System certified.

The Seemann Composites Information System Security Manager (ISSM) is responsible for compliance oversight, assessment, and operations of information systems under their purview. The ISSM is assigned responsibility to support and ensure compliance for the overall information security compliance posture across classified systems. Working under the direction of the Director of Security and Compliance, the ISSM will be responsible for accrediting and maintaining systems under the National Industrial Security Program Operating Manual (NISPOM) through the Risk Management Framework (RMF) process in compliance with the NIST 800.53 standards, and Defense Counterintelligence and Security Agency (DCSA) requirements including the DCSA Assessment and Authorization Guide (DAAG).

Responsibilities:

• Maintain a working knowledge of all IS functions, security policies, technical security safeguards, and operational security measures.
• Oversee the development, implementation, and evaluation of the contractor's information system program in support of US Government contract specification.
• Maintain Information Systems’ technical compliance. Update IS monthly with security relevant software updates and report anomalies to FSO and VP of Security. Develop, document, and monitor compliance of the contractor's information system security program in accordance with CSA-provided guidelines for management, operational, and technical controls.
• Author and maintain security policies and procedures as required. Obtain and maintain Authority to Operate (ATO) approvals for various Information Systems by adhering to the Risk Management Framework (RMF).
• Conduct required IS training for the company. Brief users on their responsibilities with regard to information system security and verify that contractor personnel are trained on the security restrictions and safeguards of the information system prior to access to an authorized information system.
• Interact with DCSA SCA/ISSP to track upcoming authorizations (ATO), on-sites and inspections.
• Certify to the CSA in writing that the systems security plan (SSP) is implemented for each authorized information systems, specified in the SSP; the specified security controls are in place and properly tested; and the information system continues to function as described in the SSP.
• Identify system vulnerabilities, mitigating actions, resources, and timelines for corrective actions. Complete corrective actions and update POAM and eMASS.
• Conduct recurring classified Cybersecurity reviews on information systems in accordance with DoD Manuals, NIST Special Publications, customer directives, and company policies as applicable to include all cybersecurity audits required by these publications and those performed as a best practice.
• Participate in Annual Security Self Inspections, assigned as IS SME for input, as led by the FSO.
• Develop and maintain security documentation of the security authorization request to the CSA. Documentation may include:
• SSP, Security assessment reports, Plans of actions and milestones, Risk assessments, Authorization decision letters, Contingency plans, Configuration management plans, Security configuration checklists.
• Participate as a team member on the Seemann Composites’ Change Control Board and maintain documentation from such events.
• Participate as Insider Threat Team member (representing Information Systems), as well as the SME concerning Incident Response regarding IS issues. Coordinate with the contractor's insider threat senior program official so that insider threat awareness is addressed in the contractor's information system security program.
• Maintain proficiency and accountability for all related applications related to the Seemann Composites’ Information Systems reporting: company metrics, eMASS, Continuous Monitoring (ConMon), Plan of Action and Milestones (POAM), NISS, and other company reports as required.
• Complete all DCSA and Seemann Composites’ required training within 6 months of appointment (annual requirements thereafter).
• Maintain membership in NCMS and GC ISAC. Participate as speaker.
• Maintain all required certifications and training as assigned.
  
  

Qualifications:

• Must have current Department of War security clearance. U.S. citizenship is required.
• Bachelor of Science degree in Cybersecurity, Computer Science or related degree with (2) years of relevant experience or Associates degree in related field degree with five (5) years of relevant experience as shown below:
• Within Cybersecurity and/or information technology to include the activities described below.
• As an Information System Security Manager for DoD collateral classified systems.
• Experience supporting cybersecurity compliance as stipulated by the DAAG (recent) and DAAPM (previous) DCSA guidance, NISPOM regulations and other applicable CFRs, and NIST Controls
• Experience utilizing SCAP, STIGs, Nessus, and Powershell.
• IAM Level II certification DoD 8140 (8570) must be obtained within 12 months of hire.
• Availability to work outside normal hours.
• Effective interpersonal skills and relationship-building skills. Ability to effectively prioritize and execute tasks independently with limited supervision and perform all duties of the job efficiently.
• Keen attention to detail. Analytical and problem-solving abilities.
  
  

Relevant Experience Considered:

• Compliance-based auditing using the Risk Management Framework (RMF)
• Technical writing or procedure documentation experience
• eMASS experience submitting new System Security Plans, updating Plan of Action and Milestones (POAMs) and eMASS entries.
• Experience in writing and conducting training presentations for medium size audiences
• Experience working with and/or supporting computer technologies (such as: databases, operating systems, computer network hardware, software programs, hardware troubleshooting or electronics)
• Experience in working with team members on successfully completing Information System projects
  
  
  

Essential Physical Requirements:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle or feel such as using a computer mouse or writing and talk or hear in person or on the telephone with other employees, supervisors and in some cases the general public and board of directors. The employee is occasionally required to stand; walk; reach with hands and arms; climb or balance and stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 50 pounds.

Company Benefits:

• Health Insurance with low deductible and out of pocket expenses
• Short and Long-Term Disability Coverage
• 401K plan including 100% match up to 5% of total compensation
• Life Insurance
• Minimum of 8 Paid Holidays in addition to paid plant closure between Christmas and New Years
• Starting PTO of 120 hours/year
• Additional paid leave for Adverse Weather Events and Bereavement
  
  
  

Equal Opportunity Employer

To apply, go to https://www.seemanncomposites.com/careers/