Project/Unit Description

Cyber Security (CS) is responsible for maintaining the overall security posture of classified systems at GTRI. CS partners with government agencies to provide support for system assessment and authorization to process classified information in both Collateral, Special Access Programs (SAP) and Sensitive Compartment Information (SCI). In addition, CS handles Communication Security (COMSEC) to ensure information is transmitted in a secure manner and in compliance with government regulations.

Job Purpose

ISSM is a contractually recognized role described in the National Industrial Security Program Operating Manual. Oversee the development, implementation, and evaluation of the GTRI Information Systems Program, including insider threat awareness, for facility management, Information Systems personnel, users, and others, as appropriate. Develop, document, and monitor compliance with and reporting of the GTRI Information Security program in accordance with Cognizant Security Agency (CSA)-provided guidelines for management, operational, and technical controls. Conduct self-inspections and implement corrective actions for all identified findings and vulnerabilities. Serve as the principal advisor on all matters, technical and otherwise, involving the security of classified systems at GTRI. Coordinate and manage GTRI activities related to classified information systems requirements, assessment and authorization of classified information, classified information systems configuration management, and project management for the life cycle of classified information systems. Advise GTRI senior management and execute GTRI’s overall strategy for enterprise classified networks and systems to support GTRI’s current and future contractual requirements. Research policies and regulations, interact with various agencies and levels of management, and contribute to establishing and maintaining accredited information systems to support GTRI contracts with the U.S. Government. Research system vulnerabilities and threats to stay on top of the continuous threat against accredited information systems and networks.

Key Responsibilities

• Provide leadership to ISSMs and ISSOs to perform their job duties and comply with various government standards.
• Coordinate and manage GTRI activities related to classified information systems requirements, assessment and authorization of classified information, classified information systems configuration management, and project management for the life cycle of classified information systems.
• Advise GTRI senior management and contribute to the planning of GTRI’s overall strategy for enterprise classified networks and systems to support GTRI’s current and future contractual requirements.
• Prepare work schedules, control workflows, hire and provide technical guidance and operational assistance to ISSMs/ISSOs.
• Develop, maintain, and oversee policies, processes and procedures for the classified Information Systems (IS) security program.
• Responsible for analyzing network security systems and/or information systems. Safeguard networks against unauthorized modification, destruction, or disclosure.
• Research, evaluate, design, test, recommend, communicate, and implement new security software or devices.
• Implement, enforce, communicate, and develop network or other information security policies or security plans for data, software applications, hardware, telecommunications, and computer installations.
• Interpret, research, and formalize Cyber Security policies, concepts, and measures when designing, procuring, adopting, and developing new IS to ensure compliance with Government policies, guidance, and orders.
• Develop and implement IS security education, training, and awareness programs.
• Research and advise Information Technology (IT) staff of technical security safeguards and operational security measures and provide technical support in implementing security controls.
• Have proficiency across several technical domains, develop and produce technical documentations in accordance with Government guidance such as National Industrial Security Program Operating Manual (NISPOM), DCSA Assessment and Authorization Process Manual (DAAPM), Joint Special Access Program (SAP) Implementation Guide (JSIG), Intelligence Community Directive (ICD), National Institute of Standards and Technology (NIST) 800, and Risk Management Framework (RMF). Assist in the implementation of the required government policy and make recommendations on process tailoring.
• Perform examination and quality control inspections on Information Systems Security protections and safeguards to ensure compliance to Government requirements and standards.
• Responsible for discovering users' information protection needs and subsequently designing and creating information systems to safely resist the forces to which they may be subjected.
• Define system security requirements, design system security architecture and develop detailed security designs.
• Assess information protection effectiveness and plan and manage technical efforts.
• Manage system security requirements for GTRI’s accredited information systems and assure continuous system compliance. Perform extensive assessments of systems and networks within the networking environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Achieve this through passive evaluations (compliance audits) and active evaluations (vulnerability assessments).
• Establish strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. This includes process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.
• Responsible maintaining operational security posture for systems by enforcing established security policies, procedures, and standards.
• Ensure Configuration Management

Required Minimum Qualifications

• Bachelor's degree in Computer Engineering, Electrical Engineering, Computer Science, Information Assurance, Information Security or related fields.
• The Ability to Obtain and Maintain a Top-Secret Security Clearance.
• Five years or more job-related experience including managing a team of technical professionals.
• DoD Directive 8570.1 IAM Level II or higher certification.
• Experience as an ISSM implementing NIST RMF requirements.
• Experience identifying system vulnerabilities and implementing mitigation strategies.
• Ability to work in a team environment as well as independently with excellent problem-solving and decision-making abilities.
• Demonstrate excellent written and verbal communication skills.

Preferred Qualifications

• Active Top-Secret Clearance
• Master's degree or higher in Computer Engineering, Electrical Engineering, Computer Science, Information Assurance, Information
• Security or related fields.
• Possess an active Top Secret security clearance
• DoD Directive 8570.1 IAM Level III certification (CISSP Preferred).
• Experience in an environment and culture steeped in teamwork and collaboration working on challenging technical projects.
• Experience working with eMASS.

Travel Requirements

<10% travel

Education and Length of Experience-

This position vacancy is an open-rank announcement. The final job offer will be dependent on candidate qualifications in alignment with Research Faculty Extension Professional ranks as outlined in section 3.2.1 of the Georgia Tech Faculty Handbook

• 14 years of related experience with a Bachelor’s degree in Computer Engineering, Electrical Engineering, Computer Science, Information Assurance, Information Security or related fields.
• 12 years of related experience with a Masters’ degree in Computer Engineering, Electrical Engineering, Computer Science, Information Assurance, Information Security or related fields.
• 9 years of related experience with a Ph.D. in Computer Engineering, Electrical Engineering, Computer Science, Information Assurance, Information Security or related fields.

U.S. Citizenship Requirements

-Delete the line below that does not apply to this position-

Not Applicable

Due to our research contracts with the U.S. federal government, candidates for this position must be U.S. Citizens.

Clearance Type Required

-Delete the lines below that do not apply to this position-

None

Candidates must be able to obtain and maintain an active security clearance.

Benefits at GTRI

Comprehensive information on currently offered GTRI benefits, including Health & Welfare, Retirement Plans, Tuition Reimbursement, Time Off, and Professional Development, can be found through this link: https://hr.gatech.edu/benefits

Diversity & Inclusion