5+ years of experience
Employment Type:
Full time
Job Category:
Information Services
Information System Security Manager (ISSM)
DDC IT Services, LLC | Ogden, Utah
Job Description


NOVA Corporation is 100% tribally owned by the Navajo Nation.

NOVA Corporation is dedicated to providing outstanding services to its customers and employees. Our strength is in our ability to understand our client's needs and deliver a solution that will not only meet those needs but exceed their expectations.

NOVA Corporation strives to be innovative in all areas of business and is committed to technical excellence. Our corporate offices are located on the Navajo Nation reservation in Window Rock, Arizona, Chambersburg, Pennsylvania, Albuquerque, New Mexico, and Columbia, Maryland.

NOVA Corporation provides unique, custom solutions to meet our customers' communications needs. Our solutions provide communication capabilities using modern technology. At their most complex, they are multi-purpose systems that gather information from dozens of different sources. The information is presented to decision makers immediately, visually, clearly.

NOVA Corporation will accommodate individuals with disabilities that need assistance applying for open positions.

Advertised Job Title

Information System Security Manager (ISSM)


Provide senior level support in cybersecurity best practices regarding system hardening, DIACAP, Risk Management Framework, and reading, creating and understanding technical processes.

Duties & responsibilities:

* A&A Support. Prepare and review Mission Partner security assessment and authorization documents and artifacts in accordance with (IAW) all DoD A&A regulations and governance. Document Mission Partner security findings using cybersecurity tools to include eMASS and ESPS. Register and maintain information system programs in DoD's mandated program registration system. Verify information system Ports, Protocols and Services (PPS) are acquired, developed, implemented, maintained, and registered in DoD's central registry system. Ensure applicable NIPRNet, SIPRNet, and isolated environment information system programs are registered in DoD's mandated A&A repository. Monitor and report Mission Partner program's Authority to Operate (ATO) expiration dates. Initiate, process, and monitor authorizing official (AO) risk acceptance, Plans of Action and Milestones (POA&M), waiver, and reciprocity processing. Use the Office of the Secretary of Defense's (OSD) official Knowledge Service portal as the authoritative source for RMF policy and implementation guidelines. Provide documentation regarding the security posture of DoD Information Systems (IS) and Planned Information technology (PIT) systems to promote reciprocity as described in DoD Instruction (DoDI) 8500.01 and to assist AOs from other organizations in making credible, risk-based decisions.

* Cybersecurity compliance. Assist in DoD supported audits, to include auditing and reporting of systems, networks, documentation, cybersecurity controls, DoD 8570.1-M requirements, information assurance vulnerability management (IAVM) notifications, and STIG. Conduct technical analysis of vulnerabilities to determine the impact to the DISA Enterprise cybersecurity posture. Create, maintain, and document functional processes that ensure cybersecurity requirements are identified and implemented throughout the system lifecycle, to include acquisition, design, development, testing, integration, implementation, operation, upgrade, and/or replacement.

* Risk Management. Implement the DoD multi-tiered cybersecurity risk management process to protect U.S. interests, DoD operational capabilities, and DoD individuals, organizations, and assets IAW National Institute of Standards and Technology (NIST) Special Publication (SP) 800-39 (Reference (o)) and Committee on National Security Systems (CNSS) Policy (CNSSP) 22. Create, maintain and document a risk management process for identifying, validating and reporting risks. Address, manage and integrate cybersecurity risk management throughout the information technology life cycle, from acquisition to decommission. Perform, maintain, document and report on risk assessments IAW applicable DoD cybersecurity policies, standards, and architectures for Mission Partner information system programs to provide vulnerability posture awareness. Create, maintain, document and report risks associated with DoD cyberspace vulnerabilities and adversary threats impacting DoD employment of capabilities to achieve military, intelligence, and business operations objectives, and risk assessment mitigations associated with weaknesses or flaws introduced through faulty system design, configuration, and/or use. Assist and provide technical security expertise to the DISA Enterprise Information System Security Manager (ISSM) with researching and integrating new technologies (to include risks and benefits) pertaining to programs, systems, networks and the adherence to applicable cybersecurity requirements. Ensure information systems are assigned to and governed by a DoD component cybersecurity program that manages risk commensurate with the categorization of supported missions and the value of potentially affected information or assets.



Skills Required:

* Good analytical and reporting skills
* Good communication skills
* Good documentation and process skills
* Microsoft Office (Excel, PowerPoint, Word, Outlook)
* Experience with Remedy IT Ticketing system

Competencies Required:

* DOD Cyber Security Best Practices
* Ten years of relevant experience


Must possess one of the following certifications for IAM II compliance:

* CISSP (or Associate)

Technical Skills Required:

* Microsoft Office (Excel, PowerPoint, Word, Outlook)
* Internet
* SharePoint

Education Requirements

Bachelor's degree or relevant experience in lieu of a college degree.

Certifications Required

IAM Level II

Certifications Preferred


Clearance Required