Iron Mountain Information Systems Security Manager in Washington, District Of Columbia

Overview

Founded in 1951, Iron Mountain Incorporated (NYSE: IRM) is the global leader in storage and information management services. Iron Mountain is committed to storing, managing and transforming what our customers value most, from paper records to data to priceless works of art and culture. Providing a full suite of solutions – records and information management, data management, digital solutions, data centers and secure destruction – Iron Mountain enables organizations to lower storage costs, comply with regulations, recover from disaster, and protect their data and assets from a complex world. Visit the company website at www.ironmountain.com for more information.

Iron Mountain enables 94% of the Fortune 1000 to smartly and securely manage their physical and digital information assets. With unmatched innovation and collaboration, our teams create information management solutions for our customers’ data, no matter what format, location or lifecycle stage it’s in and no matter where it’s kept. We are more than 17,000 people strong and growing. We’ve been a trusted records management leader since 1951.

Iron Mountain is an equal opportunity employer, and does not unlawfully discriminate on the basis of race, color, religion, sex, national origin, marital status, age, sexual orientation, gender identity characteristics or expression, disability, medical condition, U.S. Military or veteran status or other legally protected classifications in making employment decisions.

Iron Mountain complies with the Accessibility for Ontarians with Disabilities Act and welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.

Responsibilities

The ISSM will be responsible for managing and maturing the company’s Federal Information Security Modernization Act (FISMA) and DSS Assessment and Authorization Process Manual (DAAPM). S/he will support all aspects of the information system life cycle activities as defined in the Risk Management Framework (RMF, NIST 800-37) and related customer/government agencies’ implementations of the RMF. They will maintain a formal IS security program that facilitates effective and efficient Certification and Accreditation processes. This will include, but is not limited to, developing System Security Plans (SSP), overseeing the Information System Security Officers (ISSO), managing comprehensive continuous monitoring, and developing the associated metrics. S/he will ensure all deficiencies are addressed in a Plan of Action and Milestones (POA&M), track remediation tasks and report status to senior leadership.

Qualifications

  • Bachelor’s degree in Computer Science, Business Information Systems, Business, or equivalent is preferred.

  • 3-5 years of Assessment and Authorization experience with FISMA, DSS and the DoD Risk Management Framework (RMF).

  • Current CISSP certification is preferred.

  • IAM Level 3 Certification (GSLC, CISM, or CISSP) or ability to obtain within 3 months.

  • Have or be able to obtain US security clearance up to the TS level

  • MSSP/SSP/NSP documentation and review experience in a FISMA/DSS/DoD environment

  • Demonstrated interpersonal effectiveness, strong verbal and written communications skills

  • Experience supporting both Windows and Linux operating environments (at least 1 year practical experience desired).

  • Previous experience managing and supporting FISMA and DSS/NISPOM related environments

  • Strong technical IT computer skills are desired.

  • Working knowledge of NISPOM and DD 254

  • Assist in developing and reviewing MSSPs/SSPs/NSPs submitted by ISSOs for authorization and accreditation

  • Experience working with government regulations, such as NISPOM and Risk Management Framework and related documents based on customer requirements

  • Comprehensive and hands-on knowledge of the NIST Risk Management Framework (RMF) as detailed in NIST 800-37 and DSS Assessment and Authorization Process Manual (DAAPM)

  • Experience with implementing & supporting NIST 800-53

  • Experience supporting various system configurations (Stand Alone, Local Area Networks, Wide Area Networks)

  • Experience with certifying compliance and auditing the security aspects of various operating systems and applications

  • Experience writing and reviewing Interconnected Security Agreements (ISA), Network Security Plans (NSP), Memorandum of Agreement/Understanding (MOA/U)

  • Ability to handle difficult people and/or situations in high pressure environments and make tough decisions

  • Customer focused and excellent time management skills

  • Experience configuring systems for classified operations using STIGs and/or other classified compliance guidelines.

  • Technical understanding and working experience of various operating systems, network technologies and security applications.

  • Working knowledge of National Industrial Security Operating Manual (NISPOM)

  • Travel: 10-20%

Compliance Obligations:

It is the responsibility of every Iron Mountain employee:

  • to comply with all applicable laws, rules, regulations, and company policies

  • to exhibit ethical behavior in accordance with our Code of Ethics and Business Conduct

  • to complete required training within the allotted time frame

Requisition # 2018-17530

Category Security

Type Full-Time

Work From Home (Virtual) Yes