Information System Security Manager

Job

  • Level
    Experienced
  • Job field
    Security, IT
  • Employment
    Full-time
  • Contract type
    Permanent employment
  • Location
    Stuttgart
  • Work model
    Onsite
  • Job technologies

    Your role in the team

    o Apply continuous monitoring techniques to evaluate system security posture.

    o Compile information and support required for cyber evaluations, inspections, assessments, and reporting tasks, as directed, such as the Joint Staff Cybersecurity Scorecard.

    o Conduct reviews of information systems to ensure security compliance.

    o Coordinate with internal and external stakeholders to obtain and organize required documentation.

    o Develop A&A documentation for Government approval, as directed, IAW DoD and CCMD Policies.

    o Develop CCMD cyber security policies for Government approval.

    o Ensure appropriate operational security posture is maintained.

    o Ensure emergent systems are compliant during engineering and integration, prior to transition into operations and maintenance.

    o Ensure required compliance reporting is published in the authoritative systems of record IAW DoD and CCMD Policies.

    o Evaluate and implement all applicable DoD orders and directives.

    o Evaluate, from a security perspective, new, replacement, trial, or test equipment or software being brought into authorization boundaries.

    o If compliance cannot be met on any order or directive, provide a Plan of Action and Milestones (POA&M) to the Government for approval within the directed timelines.

    o Implement and support all phases of Risk Management Framework (RMF).

    o Maintain scanning results and develop vulnerability trend reports IAW DoD and CCMD procedures.

    o Manage and maintain the RMF Assessment and Authorization (A&A) program.

    o Obtain, maintain, and manage A&A documentation for Cross-Domain Solutions for connection authorization.

    o Obtain, maintain, and manage A&A documentation for External Systems (for example, Program-Managed Systems) for connection authorization via cybersecurity reciprocity.

    o Perform and document Risk Assessments of findings (for example, vulnerabilities, non-compliant areas) identified through Continuous Monitoring Activities. Recommend courses of action for addressing all findings.

    o Perform and maintain system registrations IAW DoD and CCMD Policy. These registrations include, but are not limited to, those in the Ports, Protocols, and Services Management (PPSM) database, Systems/Network Approval Process (SNAP), DoD NIPR DMZ Whitelist, and DoD IT Portfolio Repository (DITPR).

    o Perform response actions to instances of other security incidents, for example, Unauthorized Disclosures of Classified Information (UDCI), Cross-Domain Violations, and Unauthorized Activity, as directed, IAW DoD and CCMD Procedures.

    o Perform Security Control Assessments of software and hardware being considered for the command's Approved Product List.

    o Perform technical writing to develop, update, organize, maintain, and track required RMF documentation. Examples include technical documents, templates, and support agreements, exceptions to policy, diagrams, and illustrations.

    o Track the implementation status of recommended/required actions derived from exercises and inspections, as directed.

    o Work with Designated Authorizing Official (DAO) to ensure systems obtain and maintain accreditation.

    What we expect from you

    Education

    • Demonstrates knowledge of DoD IT RMF, USCYBERCOM, and JFHQ-DoDIN.

    Qualifications

    • Must hold current DoD 8570 IAM III certification (CISM, CISSP, GSLC, CCISO).
    • Able to work in dynamic, fast-paced environments that require team interaction and coordination of efforts.
    • Must hold an active DoD Top Secret Clearance and be eligible to obtain TS/SCI clearance.
    • IASAE III level Certification (CISSP-ISSAP or CISSP-ISSEP baseline certificates).
    • Additional certs: CCNA, RHCSA, Microsoft Azure Certification (Server Administration).
    • Proficiency with Microsoft SCCM and/or other automatic reporting tools.
    • Proficiency with PowerBI.

    Experience

    • BA/BS + 6 years recent specialized, or a major cert + 8 years recent specialized, or 12 years of recent specialized experience.
    • Experienced in interfacing with both client managers and system users.
    • Experience managing asset accuracy to Critical Success Factors (CSF).

    Job locations

    • Stuttgart location

      Baden-Württemberg

      Germany

    This is your employer

    Leidos

    Leidos is a global market leader for innovative solutions in areas such as defense, security, healthcare, and infrastructure. Our employees are highly qualified and make valuable contributions to a wide range of missions for our government and industry customers. Leidos is headquartered in Reston, Virginia. In fiscal year 2018, our revenues amounted to 10.2 billion US dollars.

    Description

  • Languages
    English
  • Company type
    Established company
  • Work model
    Hybrid, Onsite
  • Industry
    Consulting, Internet, IT, Telecom