IT Security Administrator - ISSO/ISSM in Bethlehem at Curtiss-Wright

Date Posted: 9/3/2020

Job Description

The Opportunity | IT Security Administrator (ISSO/ISSM)
A detail-oriented individual who is responsible for managing and maintaining the business unit's IT Security systems and programs, in addition to serving as the Information Systems Security Manager (ISSM). The ISSM is primarily responsible for maintaining the overall security posture of the systems within our organization and is accountable for the implementation of the RMF (Risk Management Framework). The ISSM serves as the principal advisor on all matters, technical and otherwise, involving the security of systems under their purview and must effectively handle day-to-day operations and responses to security instances. As the IT Security Administrator, you will be responsible for DCSA IT Security compliance (specific to the DCSA Assessment and Authorization Process Manual), ensure that our business unit meets or exceeds the requirements of such programs as CMMC, DFAR, CUI, internal EMS secured networks, and the standalone confidential computer workstations, implement and manage classified Navy WAN access, and ultimately implement an internal classified network (with connectivity to the Navy WAN). While primarily working under minimal supervision, the ideal candidate will work closely with the other members of EPD's Security organization (NNPICO, FSO, and ISSO), as well as members of the Engineering teams.
Duties & Responsibilities:

  • Primary ISSM and backup ISSO support, as needed

  • Responsibility for maintaining and managing the existing AOR Media Center process (BLX-7)

  • Maintain and Manage existing stand-alone confidential systems

  • Initiate the development and implementation of an internal classified network to support test department, engineering design work, and data storage (with access to the Navy NNPI-WAN)

  • Become the primary COMSEC (trained to be responsible for the secure communication hardware and systems needed for access to the Navy-WAN)

  • Develop, maintain, and oversee the system security program and policies for their assigned area of responsibility

  • Ensure compliance with current cyber security policies, concepts, and measures when designing, procuring, adopting, and developing a new system

  • Ensure the fulfillment of IO data requirements (e.g., storage, processing, Assured File Transfer (AFT), incident response, collection, dissemination, and disposal)

  • Develop and implement an effective system security education, training, and awareness program

  • Ensure IT security systems and processes are continuously improved to reduce waste and improve effectiveness

  • Monitor all available resources that provide warnings of system vulnerabilities or ongoing attacks and report them as necessary

  • Develop, document, and monitor compliance with and reporting of the cleared contractor facility's system security program in accordance with Cognizant Security Activity (CSA) guidelines for management, operational, and technical controls

  • Perform risk assessments, document results in a RAR, and keep the risk assessment current

  • Develop, maintain, and update, in coordination with all system stakeholders, POA&Ms in order to identify system weaknesses, mitigating actions, resources, and timelines for corrective actions

  • Submit the security plan and supporting artifacts to the ISSP for AO review and consideration

  • Ensure all system security documentation is current and accessible to properly authorized individuals

  • Ensure audit records are collected and analyzed in accordance with the security plan

  • Conduct periodic assessments of authorized systems and ensure corrective actions are taken for all identified findings and vulnerabilities

  • Ensure proper measures are taken when a system incident or vulnerability affecting classified systems or information is discovered

  • Ensure all users have the requisite security clearances, authorization, and Need-to-Know (NTK)

  • Manage local efforts on special projects like 2-factor authorization

  • Work with CW-ITSS and EMS-IT teams as needed

  • Other duties as necessary

  • Must be US Citizen and able to obtain DOD security clearance

  • Bachelor's Degree (preferably in a technical field), or minimum of 5 years' experience in a similar role

  • Maintain IS professional certifications commensurate with applicable IA requirements

  • Strong communication skills, analytical thinking, and problem-solving skills

  • Ability to prioritize tasks and efforts, through effective time management practices

  • Knowledge and experience managing and maintaining accredited systems

  • Cohesive experience in standards and IS requirements

  • Experience with the delivery of strategic projects from conception to implementation

  • Broad IT experience covering Microsoft base products

  • Proven collaborator with technical teams, business groups, and senior executives
This position may require exposure to information which is subject to US export control regulations, i.e. the International Traffic in Arms Regulations (ITAR) or the Export Administration Regulations (EAR). All applicants must be U.S. persons within the meaning of U.S. regulations.
Curtiss-Wright values diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. If you require accommodation due to a disability at any time during the recruitment and/or assessment process, please contact Talent Acquisition and we will make all reasonable efforts to accommodate your request.