
Cybersecurity – Information System Security Officer – ISSO
| Field | Value |
|---|---|
| Company | The Boeing Company |
| Location | Hazelwood, MO, USA |
| Salary | $92650 – $125350 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Junior, Mid Level |

Requirements
- IAM Level 1 DoD 8140.01 (previously 8570.01) compliant certification (i.e. CAP, Security+ CE, CISSP, CASP, CISM, GSLC)
- 1+ years of experience in cybersecurity policies and implementation of Risk Management Framework (RMF): e.g. DAAPM, CNSSI 1253, ICD-503, JSIG, or NIST SP 800 series
Responsibilities
- Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards
- Lead and implement the Assessment and Authorization (A&A) processes under the Risk Management Framework (RMF) for new and existing information systems
- Facilitate development of Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), Risk Acknowledgement Letters (RAL) and support Continuous Monitoring (CONMON)
- Oversee configuration management of assigned systems; audit systems to ensure security posture integrity
- Lead staff with assessments and test/analysis data to document state of compliance with security requirements
- Conduct risk assessments and investigations, execute appropriate risk mitigations, and oversee incident response activities
- Conduct periodic hardware/software inventory assessments
- Serve as organization spokesperson on advanced projects and programs
- Act as advisor to management and customers on advanced technical research studies
- Interface with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements
- Oversee the development and deployment of program information security for all program systems to meet the program and enterprise requirements, policies, standards, guidelines and procedures
- Manage and perform security compliance continuous monitoring
- Oversee and participate in security assessments and audits
- Prepare, review, and present technical reports and briefings
- Identify root causes, prioritize threats, and recommend and/or implement corrective action
- Explore the enterprise and industry for evolving state of industry knowledge and methods regarding information security best practices
Preferred Qualifications
- Currently hold certification in good standing to satisfy IAM Level III (CISSP, GSLC or CISM)
- 1+ years of experience as an information system security officer (ISSO) or information system security manager (ISSM) supporting classified programs
- 1+ years of experience utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS
- 1+ years of experience assessing and documenting test or analysis data to show cyber security compliance