Information System Security Manager (ISSM) - ...

Information System Security Manager (ISSM) - Portsmouth, RI/Marlborough, MA At RTX, we're accelerating ideas to solve some of the world's biggest challenges by bringing together the brightest, most innovative minds across aviation, space and defense. Date Posted: 2025-02-27 Country: United States of America Location: MA801: Marlborough, MA 1001 Boston Post Road Building 2, Marlborough, MA, 01752 USA Position Role Type: Onsite At Raytheon, the foundation of everything we do is rooted in our values and a higher calling - to help our nation and allies defend freedoms and deter aggression. Our team solves tough, meaningful problems that create a safer, more secure world. Our cybersecurity team is seeking a Special Programs - Information System Security Manager (ISSM) to support our classified computing environments 100% onsite at our facilities in Portsmouth, Rhode Island AND Marlborough, Massachusetts. Your main office can be either Marlborough or Portsmouth, but will support both environments. The Cybersecurity Information Systems Security Manager is responsible for compliance oversight, assessment, and operations of systems under their purview. They may be assigned to a single large-scale program or oversee multiple programs. Program ISSM has cognizance of all Special Access Programs (SAP) in the Marlborough and Portsmouth Sites per Commercial and Government Entity (CAGE) code as stipulated by various US Government requirements including (but not limited to): National Industrial Security Operating Manual (NISPOM) and related documentation such as: Risk Management Framework (RMF) Joint SAP Implementation Guide (JSIG) Intelligence Community Directive 503 (ICD 503) Baseline Technical Security Configuration Standards DCSA Assessment and Authorization Process Manual (DAAPM) Customer/contract specific Cybersecurity regulations Components of the cybersecurity (CS) program include Assessment and Authorization (A&A) activities (documentation preparation, system configuration/validation, certification testing, etc.), security sustainment activities (hardware change management, software change management, account management, media protection, user interface, file transfers, etc.), conducting self-inspections, and delivering information systems security education and awareness. You will conduct recurring Cybersecurity reviews on information systems in accordance with DoD Manuals, NIST Special Publications, customer directives, and company policies as applicable. You are responsible for the execution of the Raytheon Continuous Monitoring Plan as required by CA-2 Security Assessments. You'll serve as subject matter experts (SME) on a broad range of Cybersecurity topics. You may represent the Cybersecurity organization and business unit to external Cybersecurity counterparts. Important note(s): Within six months of hire date, you must obtain and maintain a Security professional certification commensurate with IAM Level III certification as required by DoDD 8140 (8570) if you do not already have this certification. Cybersecurity Site ISSMs are required to maintain IAM Level III certification as required by DoDD 8140 (8570). What You Will Do: Complete Special Access Programs, and Raytheon GSS required training within 6 months of appointment (annual requirements thereafter). Accountability for all systems under site CAGE and SBU: metrics, Raytheon business process (RCAST), Continuous Monitoring (ConMon) as described by Sr. ISSM. Maintain a working knowledge of all SAP functions, security policies, technical security safeguards, and operational security measures. Interact with Special Access Programs SCA/ISSP to track items including, but not limited to, upcoming authorizations (ATO), new technologies solutions (i.e., new SIEM, OS, etc.), policy interpretations (in conjunction with Sr. ISSM), and onsite A&A. Develop, maintain, and update, in coordination with all system stakeholders (CS Manager, ISO, DT, etc.), applicable site POAM(s) to identify system weaknesses, mitigating actions, resources, and timelines for corrective actions. Coordinate SAP Inspection preparation activities for assigned sites in conjunction with site CPSO/Program Security Manager. Qualifications You Must Have: Typically require a Bachelor's degree with eight years of relevant experience or an advanced degree with five years of relevant experience. Experience supporting cybersecurity compliance as stipulated by DCSA Assessment and Authorization Process Manual (DAAPM), Joint SAP Implementation Guide (JSIG), and/or National Industrial Security Program Operating Manual (NISPOM) regulations. Direct leadership or project/program management experience. IAM Level I certification (Security+ or other). Active and transferable U.S. government issued Top Secret security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance. Qualifications We Prefer: Master's Degree in Computer Science, Information Systems, Information Technology, Cyber Security, Criminal Justice, Business or other relevant degree. Experience with various information system security tools that address vulnerability analysis and mitigation. Experience in the oversight and execution of the Assessment & Authorization processes (Certification & Accreditation), as defined in JSIG/RMF. Experience in the execution and management of Information System's (IS) incident response and administrative inquiries/investigations. Experience in and execution of a continuous monitoring/improvement program. Experience providing technical security expertise and oversight for complex, cross-domain, heterogeneous classified networked environments. Experience working with the customer, both internal and external in the development of Basis of Estimates (BOE's) and contract negotiations. Experience with any of the following: NISPOM, JAFAN 6/3, DCID 6/3, JSIG/RMF, and ICD-503 or equivalent requirements. Experience in professional engagements with internal and external customers. What We Offer: Our values drive our actions, behaviors, and performance with a vision for a safer, more connected world. At RTX we value: Trust, Respect, Accountability, Collaboration, and Innovation. Relocation Non-Eligible - Relocation assistance not available. Please consider the following role type definition as you apply for this role: Onsite: Employees who are working in Onsite roles will work primarily onsite. RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. #J-18808-Ljbffr

Created: 2025-03-05