An official website of the United States government Here’s how you know

Menu

Home
/
Careers at CISA SHARE:
Cybersecurity &
Infrastructure Security
Agency
Careers

Information Systems Security

Manager

CISA Information Systems Security

Manager
This role is responsible for the cybersecurity of a program, organization, system, or enclave.

Personnel performing this role may unofficially or alternatively be called:

Information Systems Security Officer (ISSO)

Cybersecurity Officer
Enterprise Security Officer
Common Control Provider
Security Domain Specialist
Information Assurance Analyst
Information Assurance Security Manager
Information Assurance Security Officer
Information Systems Security Specialist

Skill Community: Cybersecurity

Category: Oversee and Govern
Specialty Area: Cybersecurity Management
Work Role Code: 722

Core Tasks
Acquire and manage the necessary resources, including leadership support,
financial resources, and key security personnel, to support information
technology (IT) security goals and objectives and reduce overall organizational
risk. (T0001)
Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels
and security posture. (T0003)
Advise appropriate senior leadership or Authorizing Official of changes
affecting the organization's cybersecurity posture. (T0005)
Collect and maintain data needed to meet system cybersecurity reporting.
(T0024)
Communicate the value of information technology (IT) security throughout all
levels of the organization stakeholders. (T0025)
Ensure that security improvement actions are evaluated, validated, and
implemented as required. (T0089)
Ensure that cybersecurity inspections, tests, and reviews are coordinated for
the network environment. (T0091)
Ensure that cybersecurity requirements are integrated into the continuity
planning for that system and/or organization(s). (T0092)
Evaluate and approve development efforts to ensure that baseline security
safeguards are appropriately installed. (T0097)
Identify alternative information security strategies to address organizational
security objective. (T0106)
Identify information technology (IT) security program implications of new
technologies or technology upgrades. (T0115)
Interpret patterns of noncompliance to determine their impact on levels of risk
and/or overall effectiveness of the enterprise's cybersecurity program. (T0133)
Manage the monitoring of information security data sources to maintain
organizational situational awareness. (T0147)
Oversee the information security training and awareness program. (T0157)
Participate in an information security risk assessment during the Security
Assessment and Authorization process. (T0158)
Participate in the development or modification of the computer environment
cybersecurity program plans and requirements. (T0159)
Prepare, distribute, and maintain plans, instructions, guidance, and standard
operating procedures concerning the security of network system(s) operations.
(T0192)
Provide system-related input on cybersecurity requirements to be included in
statements of work and other appropriate procurement documents. (T0211)
Recognize a possible security violation and take appropriate action to report
the incident, as required. (T0215)
Recommend resource allocations required to securely operate and maintain
an organization's cybersecurity requirements. (T0219)
Supervise or manage protective or corrective measures when a cybersecurity
incident or vulnerability is discovered. (T0229)
Track audit findings and recommendations to ensure that appropriate
mitigation actions are taken. (T0234)
Promote awareness of security issues among management and ensure sound
security principles are reflected in the organization's vision and goals. (T0248)
Oversee policy standards and implementation strategies to ensure procedures
and guidelines comply with cybersecurity policies. (T0254)
Identify security requirements specific to an information technology (IT) system
in all phases of the system life cycle. (T0263)
Ensure that plans of actions and milestones or remediation plans are in place
for vulnerabilities identified during risk assessments, audits, inspections, etc.
(T0264)
Assure successful implementation and functionality of security requirements
and appropriate information technology (IT) policies and procedures that are
consistent with the organization's mission and goals. (T0265)
Support necessary compliance activities (e.g., ensure that system security
configuration guidelines are followed, compliance monitoring occurs). (T0275)
Continuously validate the organization against
policies/guidelines/procedures/regulations/laws to ensure compliance. (T0280)

Core Competencies
Business Continuity
Computer Network Defense
Database Administration
Encryption
Enterprise Architecture
Information Systems/Network Security
Information Technology Assessment
Legal, Government, and Jurisprudence
Network Management
Operating Systems
Policy Management
Risk Management
Technology Awareness
Threat Analysis
Vulnerabilities Assessment

Core Knowledge
Knowledge of data backup and recovery. (K0021)
Knowledge of business continuity and disaster recovery continuity of
operations plans. (K0026)
Knowledge of intrusion detection methodologies and techniques for detecting
host and network-based intrusions. (K0046)
Knowledge of controls related to the use, processing, storage, and
transmission of data. (K0622)
Knowledge of encryption algorithms. (K0018)
Knowledge of the organization's enterprise information technology (IT) goals
and objectives. (K0101)
Knowledge of network security architecture concepts including topology,
protocols, components, and principles (e.g., application of defense-in-depth).
(K0179)
Knowledge of measures or indicators of system performance and availability.
(K0053)
Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S.
Code), Presidential Directives, executive branch guidelines, and/or
administrative/criminal legal guidelines and procedures. (K0168)
Knowledge of laws, policies, procedures, or governance relevant to
cybersecurity for critical infrastructures. (K0267)
Knowledge of network traffic analysis methods. (K0058)
Knowledge of network systems management principles, models, methods
(e.g., end-to-end systems performance monitoring), and tools. (K0180)
Knowledge of server and client operating systems. (K0077)
Skill in creating policies that reflect system security objectives. (S0018)
Knowledge of information technology (IT) supply chain security and supply
chain risk management policies, requirements, and procedures. (K0169)
Knowledge of new and emerging information technology (IT) and cybersecurity
technologies. (K0059)
Knowledge of current and emerging threats/threat vectors. (K0151)
Knowledge of vulnerability information dissemination sources (e.g., alerts,
advisories, errata, and bulletins). (K0040)
Knowledge of system and application security threats and vulnerabilities (e.g.,
buffer overflow, mobile code, cross-site scripting, Procedural
Language/Structured Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-oriented attacks, malicious code).
(K0070)
Knowledge of what constitutes a network attack and a network attack's
relationship to both threats and vulnerabilities. (K0106)
Knowledge of penetration testing principles, tools, and techniques. (K0342)

How To Apply
Join the Mission! CISA is always searching for diverse, talented, and highly motivated
professionals to continue its mission of securing the nation's critical infrastructure. CISA is
more than a great place to work; our workforce tackles the risks and threats that matter
most to the nation, our families, and communities.

To join this mission, visit USAJOBs and/or the DHS Cybersecurity Service to view job
announcements and to access the application. Be sure to tailor your resume to the specific
job announcement, attach relevant documents, and complete all required assessments.

When applying for CISA's cyber positions, please review CISA's cyber roles above and
update your resume to align your experience with the listed competencies. Your resume
must also show demonstrated cyber/IT related experience in:

Attention to Detail
Customer Service
Oral Communication
Problem Solving

To receive email notifications when new CISA positions are announced, set up a "saved
search " on USAJOBs with keyword "Cybersecurity and Infrastructure Security Agency."

Individuals eligible for special hiring authorities may also be considered during CISA's
one-stop hiring events or by emailing Veterans@cisa.dhs.gov or Careers@cisa.dhs.gov .

Return to top

Topics Spotlight Resources & Tools News & Events Careers About

CISA Central
888-282-0870
Central@cisa.dhs.gov

Cybersecurity & Infrastructure

Security Agency
CISA.gov
An official website of the U.S. Department of Homeland Security

DHS
About CISA Accessibility Budget and Performance
Seal
DHS.gov FOIA Requests No FEAR Act

Office of Inspector General Privacy Policy The White House

USA.gov Website Feedback

National Terrorism Advisory

System

Put this widget on your web page