The University of Texas at Austin

Alternate Information Security Compliance Manager

The University of Texas at Austin · Austin, TX

  • On site
  • Full-time
  • $124,800 / year
  • Austin, TX

Job highlights

  • Manage security compliance for classified systems.
  • Support IT governance, risk, and compliance functions.
  • Ensure RMF, NIST, DAAG, JSIG compliance.
  • Conduct continuous monitoring and self-assessments.
  • Supervise a team of compliance analysts.

About the role

Hiring Department: Applied Research Laboratories

Purpose

The Alternate Information Security Compliance Manager will help scale ARL:UT's compliance program to accommodate growing and evolving organizational and customer needs. This role provides backup support for the Information Security Compliance Manager and assists the Information System Security Manager in reviewing classified information systems. Collaboration with internal and external stakeholders, including system engineers, administrators, sponsors, and other organizations, is key.

Responsibilities

  • Ensuring classified systems adhere to government and ARL regulations while meeting program demands and maintaining an accredited state.
  • Assisting with daily IT governance, risk management, and compliance functions.
  • Ensuring classified information systems comply with Risk Management Framework (RMF) requirements for National Security computing environments, as defined by NIST 800-Series, DAAG, and JSIG.
  • Conducting continuous monitoring reviews and self-assessments of classified information systems and their security controls for government and ARL policy compliance.
  • Overseeing compliance assurance for daily information security measures in line with NISPOM, DAAG, JSIG, DISA, and other RMF requirements.
  • Assisting in updating and maintaining system-level Plan of Action and Milestones (POA&M) through compliance checks, STIG, SCAP, and Nessus Scanning reviews.
  • Drafting detailed reports on compliance and self-inspection outcomes for management review.
  • Managing and maintaining a compliance database, including control policy descriptions and compliance status.
  • Supervising a small team of Information Security Compliance Analysts.
  • Performing other related functions as assigned.

Required Qualifications

  • High School Diploma/GED.
  • Five years of relevant cybersecurity experience, including compliance assessment and planning through STIG and POA&M processes.
  • Two years of experience with RMF, DAAG, NISPOM, JSIG, or equivalent security frameworks.
  • Ability to assess security posture by identifying and mitigating vulnerabilities.
  • A current Security+ or IAM/IAT II equivalent level certification, or completion upon start date.
  • Strong multitasking skills with attention to detail.
  • Relevant education and experience may be substituted as appropriate.
  • US Citizenship is required.

The selected applicant will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Employment is contingent upon obtaining and maintaining the necessary security clearance.

Preferred Qualifications

  • Bachelor's Degree in Computer Science, Cyber Security, or related field.
  • Experience as an Auditor, ISSO, ISSE, Security Architect, or Information Security Analyst.
  • 5+ years of cybersecurity experience in classified DoD environments.
  • Over five years of experience with Linux environments.
  • Experience with vulnerability/compliance scanning tools (ACAS/Nessus, Retina, MBSA, SCAP, etc.).
  • Experience with STIG/SRG compliance configuration implementation.
  • Eligibility for immediate access to classified information.

Key skills/competency

  • Information Security Compliance Manager
  • Cybersecurity
  • Risk Management Framework (RMF)
  • NIST 800-Series
  • STIG
  • POA&M
  • Classified Information Systems
  • Nessus Scanning
  • Compliance Database Management
  • Security Auditing

Skills & topics

  • Information Security Compliance Manager
  • Cybersecurity
  • RMF
  • NIST
  • STIG
  • POA&M
  • Classified Information Systems
  • Security Assessment
  • Risk Management
  • IT Governance

How to get hired

  • Tailor your resume: Highlight experience with RMF, NIST, STIG, and POA&M processes, aligning with the "Alternate Information Security Compliance Manager" role.
  • Craft a compelling letter of interest: Emphasize your cybersecurity background and suitability for handling classified information systems at The University of Texas at Austin.
  • Prepare for security investigation: Be ready to provide details for a government security investigation, including eligibility for classified information access.
  • Showcase technical and soft skills: Demonstrate your multitasking abilities, attention to detail, and experience supervising a team during the interview process.

Technical preparation

  • Master NIST, RMF, DAAG, JSIG, NISPOM, STIGs.
  • Practice STIG, POA&M, and Nessus scanning.
  • Develop skills in vulnerability assessment.
  • Gain experience with Linux environments.

Behavioral questions

  • Describe a complex compliance issue you resolved.
  • How do you handle multitasking and prioritization?
  • Share an experience supervising a team.
  • How do you ensure attention to detail?

Frequently asked questions

What are the key security frameworks required for the Information Security Compliance Manager role at The University of Texas at Austin?
The Alternate Information Security Compliance Manager position requires experience with frameworks such as the Risk Management Framework (RMF), NIST 800-Series, Defense Counterintelligence and Security Agency Assessment and Authorization Guidance (DAAG), and the Joint Special Access Program Implementation Guide (JSIG), along with NISPOM and STIGs.
Is US citizenship a strict requirement for the Information Security Compliance Manager position at The University of Texas at Austin?
Yes, US citizenship is a mandatory requirement for this Alternate Information Security Compliance Manager role. The selected applicant will undergo a government security investigation and must be eligible for access to classified information.
What level of experience is expected for the Information Security Compliance Manager role?
The position requires five years of relevant cybersecurity experience, including compliance assessment and planning. Additionally, two years of experience with specific security frameworks like RMF, DAAG, NISPOM, or JSIG is necessary for the Alternate Information Security Compliance Manager.
What kind of security clearance is needed for the Alternate Information Security Compliance Manager job?
Applicants for the Alternate Information Security Compliance Manager position must be eligible for and able to maintain the level of access to classified information appropriate for the project requirements. This involves a government security investigation.
Does The University of Texas at Austin offer remote work for the Information Security Compliance Manager position?
The job posting specifies the location as PICKLE RESEARCH CAMPUS, suggesting an on-site or potentially hybrid work arrangement. No explicit mention of remote work is made for this Alternate Information Security Compliance Manager role.
What technical skills are crucial for the Information Security Compliance Manager role?
Key technical skills include expertise in compliance assessment, STIG and POA&M processes, RMF, NIST, vulnerability scanning tools (like Nessus), and STIG/SRG configuration implementation for the Alternate Information Security Compliance Manager.
What certifications are required or preferred for the Information Security Compliance Manager position?
A Security+ or IAM/IAT II equivalent certification is required. Preferred qualifications may include additional cybersecurity certifications and experience demonstrating a strong understanding of security frameworks for this Alternate Information Security Compliance Manager role.