The Information Systems Security Officer (ISSO) is responsible for the Cybersecurity/Risk Management Framework (RMF) posture of classified and unclassified programs in accordance with government directives and program requirements. The ISSO closely interfaces and collaborates with government customers, system owners, Cybersecurity/Information Assurance (IA) professionals, System Administrators, and the engineering community on compliance and configuration change management. The ISSO’s primary focus is ensuring the confidentiality, integrity, and availability of information systems. The ISSO is a vital contributor to the program and operates in a highly dynamic and fast-paced environment.
· Leads Cybersecurity/IA efforts by establishing or validating the system, its functions, information types, operating environments, and security requirements
· Coordinates with Government, customers, partners, and Authorization Officials (AO) to prepare systems for Assessment & Authorization (A&A) in accordance with established NIST guidelines
· Creates and maintains A&A/RMF documentation: Security Plan, Plan of Action & Milestones (POA&M), Software/Hardware Inventory, Network diagrams, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, and Configuration Management
· Monitors and refines cybersecurity requirements and ensures that the requirements are effectively integrated into information systems throughout the System Development Life Cycle (SDLC)
· Provides continuous security monitoring of unclassified/classified systems
· Applies current computer science technologies to the development, evaluation, and integration of computer systems and networks to maintain system security for unclassified/classified information systems
· Develops and maintains all DoD requirements, including the DAAPM & Risk Management Framework (RMF) standards to ensure compliance with the National Industrial Security Program Operating Manual (NISPOM)
· Assists in the development and implementation of policies and System Security Plans supporting government agency requirements
· Works in a fast-paced production environment with the ability to handle multiple competing tasks and demands simultaneously.
· Conducts security control assessments; reviews the adequacy of the security controls and their ability to protect the system and its information; tailors the security controls to ensure compliance
· Supports cybersecurity activities concerned with technical development, scheduling, and resolving engineering design and test problems.
· Participates in proposal efforts containing Cybersecurity/IA-related SOW/tasks to address scope, capability, cost, schedule, and resources
· Reads, interprets, and implements Cybersecurity/IA regulations and requirements; develops and maintains a managerial, operational, and technical Cybersecurity/IA skillset
· Collaborates with security managers (both government and local) and other SSEs and SSMs to define, improve, implement, and maintain information security policies, strategies, and procedures
· Supports Corporate-wide Security initiatives
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for the job. Duties, responsibilities and activities may change at any time with or without notice.
· Bachelor's Degree, ideally in Information System Security, Computer Science, Cybersecurity, or equivalent related experience
· 8+ years of hands-on experience in System Security, or Cybersecurity/Risk Compliance
· Certifications: CISSP, CISA, CISM, CASP, CEH, and/or Security+
· Completion of the DSS CDSE/STEPP RMF Training
· Must have an in-depth knowledge of the security authorization processes and procedures as defined in the Risk Management Framework and be familiar with CNSSI 1253, NIST SPs 800-37, 800-53, etc.
· Must have experience in several of the following areas: knowledge of current security tools; hardware/software security implementation; different communication protocols; and encryption techniques/tools
· Substantial communication and interpersonal skills to advise customers of DoD and company industrial security policies and procedures
· Experience with development documentation for systems down to the technical component, software, firmware, and interface level
· Demonstrates ability to follow engineering processes and verify technical requirements
· Ability to work under pressure and with limited supervision, and work well with others in a large and diverse environment
· Ability to successfully prioritize and manage to completion multiple complex tasks and deliverables, and demonstrate the highest degree of integrity and accountability in all actions
Essential Mental Requirements
· Excellent written and spoken communication skills for documentation, intra-team, and interdisciplinary communication.
· Able to focus on multiple projects at once.
· Organized and detail-oriented
· Ability to operate in a high-paced work environment
Essential Physical Requirements
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to finger, handle, or feel objects, tools or controls; reach with hands and arms; talk or hear. The employee must occasionally lift or move office products and supplies, up to 10 pounds.
Occasional travel 10%.
· Computer, phone, photocopiers, and fax machines
· Experience managing Linux and Windows 10 DoD-accredited information systems
· Experience with the SCAP Compliance Checker and the DISA STIG Viewer
· Experience with Assured Compliance Assessment Solution (ACAS) Vulnerability scanner
· Microsoft Office Applications (Word, Excel, PowerPoint)
· Microsoft Project