Westinghouse Electric Company

Information System Security Manager

full-time

Location Type: Office

Location: Cranberry Township • Pennsylvania • 🇺🇸 United States

Salary

💰 $103,200 - $129,000 per year

Job Level

Mid-Level, Senior

Tech Stack

Cyber Security

About the role

  • Be the designated Information Systems Security Manager (ISSM) responsible for overseeing the security, accreditation, and compliance of all WGS protected information systems processing Classified or Controlled Unclassified Information (CUI).
  • Establish and improve WGS's Information System Security Program, ensuring agreement with federal cybersecurity standards, corporate policies, and contractual requirements.
  • Be the Responsible System Owner (RSO) for protected systems and maintain accountability for their security posture throughout their lifecycle.
  • Develop, document, and maintain Risk Management Framework (RMF) and Assessment & Authorization (A&A) documentation.
  • Certify in writing to the Cognizant Security Agency (CSA) that we implement the System Security Plan (SSP). Additionally, certify that required controls are in place and tested, and that systems continue to operate as authorized.
  • Ensure compliance with all applicable cybersecurity requirements.
  • Conduct or oversee self-inspections and audits on WGS protected systems at least annually; document, track, and resolve corrective actions.
  • Collaborate with the IT Department, External Service Provider (ESP), and Managed Service Provider (MSP) to provide cybersecurity governance and guidance. This ensures that technical operations align with approved configurations, security baselines, and accreditation requirements.
  • Review and assess configuration changes and vulnerabilities with input from IT and network providers to determine security impact and obtain required approvals (FSO, IT, ESP) prior to implementation.
  • Maintain the Security Controls Traceability Matrix (SCTM) to document implementation of applicable NIST 800-53 and 800-171 controls.
  • Integrate Insider Threat awareness and reporting requirements into the WGS information system security program with the Insider Threat Senior Program Official.
  • Ensure that we provide all authorized users with security training and briefings prior to system access and that we maintain and validate user access lists regularly.
  • Maintain daily awareness and monitoring of information systems through security event log reviews, vulnerability analysis, and audit trail inspections.
  • Collaborate with the Corporate Facility Security Officer (FSO), Program Management, IT department and ESP to address incidents, reportable events, and non-compliance findings, ensuring reporting to appropriate authorities.
  • Investigate and report security violations and incidents, coordinating with corporate security and government customers.
  • Maintain working relationships with Program Management, corporate partners, government customers, and subcontractors to ensure security governance and communication.
  • Respond to emergency situations and alarms to support operational continuity and security response.
  • Maintain IAM Level III certification (CISM, CISSP or Associate, GSLC, or CCISO) under DoD 8570 baseline requirements.
  • Respond to emergency situations and alarms.
  • Perform other duties as assigned, in alignment with role qualifications, security needs, and operational requirements.

Requirements

  • Bachelor's degree in a related field, or four years of equivalent experience in addition to the experience outlined below.
  • Five or more years of experience are required. This experience may be a combination of industry and U.S. military experience. It should include experience as an ISSM implementing various standards, such as 32 CFR 117, JAFAN 6/3, DCID 6/3, ICD 503, and/or JSIG IS requirements.
  • Familiarity with vulnerability scans, ODAA Baseline Standard Requirements, and the Risk Management Framework (RMF).
  • U.S. Citizenship and the ability to maintain national security eligibility required.
  • One of the following certifications: CISM, CISSP (or Associate), GSLC, or CCISO (DoD 8570) preferred.

Benefits

  • Comprehensive Medical benefits which could include medical, dental, vision, prescription coverage and Health Savings Account (HSA) with employer contributions options
  • Wellness Programs designed to support employees in maintaining their health and well-being including Employee Assistance Program providing support for our employees and their household members
  • 401(k) with Company Match Contributions to support employees' retirement
  • Paid Vacations and Company Holidays
  • Opportunities for Flexible Work Arrangements to promote work-life balance
  • Educational Reimbursement and Comprehensive Career Programs to help employees grow in their careers
  • Global Recognition and Service Programs to celebrate employee accomplishments and service
  • Employee Referral Program

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
Information Systems Security Manager, Risk Management Framework, Assessment & Authorization, System Security Plan, Security Controls Traceability Matrix, vulnerability analysis, security event log reviews, Insider Threat awareness, compliance auditing, configuration management
Soft skills
collaboration, communication, incident response, problem-solving, leadership, accountability, organizational skills, training and development, relationship management, emergency response
Certifications
CISM, CISSP, GSLC, CCISO, DoD 8570, national security eligibility