Qualis, LLC is seeking a skilled Information Systems Security Manager (ISSM) to join our Advanced Technology Group at our Huntsville, AL office. In this role, you will oversee the implementation of comprehensive cybersecurity and information assurance strategies for our programs. The ISSM will be responsible for ensuring compliance with Federal laws, Department of Defense (DoD) requirements, and applicable frameworks, including the Risk Management Framework (RMF) and NIST standards. This role involves managing the accreditation of software, systems, and networks, supporting the delivery of Authorizations to Operate (ATO), Interim Authority to Test (IATT), and Assess Only (AO) authorizations. The ideal candidate will have extensive experience in information assurance, cybersecurity assessments, risk management, and documentation preparation for accreditation and compliance. This is a key position that ensures the security and integrity of our information systems while meeting mission-critical objectives.
Responsibilities:
- Manage and oversee a robust Risk Management Framework (RMF) compliance program in accordance with DoD requirements, NISPOM/DAAPM, JSIG, ICD 503, STIGs, and NIST publications (e.g., SP 800-37, SP 800-53).
- Obtain and maintain Authority to Operate (ATO), Interim Authority to Test (IATT), and Access Only (AO) approvals for software, information systems, and networks by preparing and delivering required documentation and artifacts.
- Develop and maintain System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and other essential security documentation.
- Perform continuous monitoring of systems, including weekly or monthly security control reviews, vulnerability management, and system audits.
- Provide security design guidance, analysis, and technical recommendations throughout the RMF process, ensuring compliance with cybersecurity standards and addressing vulnerabilities.
- Coordinate and collaborate with system owners, engineers, security officers, and stakeholders to ensure compliance with cybersecurity regulations and mission objectives.
- Conduct and support technical security assessments, such as cybersecurity scans, site surveys, and Security Impact Assessments (SIAs) for system changes.
- Support the accreditation and authorization of systems, equipment, and networks by modifying configurations to comply with government cybersecurity constraints.
- Oversee incident response, secure configuration management, event management, and account management processes.
- Prepare for and support internal and external cybersecurity reviews, inspections, and audits (e.g., DCSA visits, self-inspections).
- Utilize tools such as the Enterprise Mission Assurance Support Service (eMASS) to manage system authorizations and compliance.
- Lead the development and execution of cybersecurity policies, procedures, and education/awareness programs.
Requirements
Qualifications:
- Bachelor’s degree in a STEM field (e.g., Computer Science, Cybersecurity, Information Systems, Engineering, Mathematics) from an ABET-accredited university or equivalent work experience.
- 5+ years of relevant technical experience in IT support, systems administration, cybersecurity, or related fields.
- Demonstrated experience with the DoD Risk Management Framework (RMF) and NIST SP 800-53, including implementation, accreditation, and continuous monitoring.
- Hands-on experience with system administration in both Linux and Windows environments.
- Experience with security tools such as Nessus, SCAP, ACAS, and other compliance and vulnerability scanning tools.
- Proven ability to develop and maintain security documentation (e.g., System Security Plans, POA&Ms, Security Impact Assessments).
- Strong background in incident response, vulnerability assessments, and system audits.
- Experience with classified systems, SAP, and compliance with DFARS 252.204-7012.
- Familiarity with Army RMF processes and DoD policies is a plus.
- Strong organizational, analytical, and troubleshooting skills.
- Ability to work independently in a fast-paced, multidisciplinary team environment.
- Excellent verbal and written communication skills for preparing reports, training materials, and interfacing with stakeholders.
- Proficient in Microsoft Office tools (Word, PowerPoint, Excel, Visio).
- High level of personal motivation and initiative to learn and adapt to evolving cybersecurity environments.
- Knowledge of secure software design, secure architecture, and coding techniques.
- Active DoD Secret Security Clearance required (Top Secret preferred).
Preferred additional certifications and experience:
- Certified Information Systems Security Professional (CISSP).
- Security+ CE certification or higher (e.g., CISSP, CISM) in accordance with DoD 8570.1M requirements.
- Certified Information Security Manager (CISM).
- ISC2 CAP (Certified Authorization Professional).
- Linux certifications (e.g., Red Hat Certified System Administrator/Engineer, LPI certification).
- Supporting Army or DoD RMF processes.
- Development of organizational information systems and secure upgrades of legacy systems.
- Conducting and managing security inspections and audits (e.g., DCSA, self-inspections).
- Familiarity with emerging IT and cybersecurity technologies.
Benefits
Qualis Corporation is committed to hiring and retaining a diverse and talented workforce who can contribute to the mission and vision of the Company. Our employees are our greatest asset and we promote a positive work environment, teamwork, professional growth, innovation, community involvement, flexible scheduling and a family-friendly work environment.
Equal Opportunity Employer/M/F/Vet/Disabled and a Participant in E-Verify