Information System Security Officer (ISSO)
Job Title: Information System Security Officer (ISSO)
Job Location: Joint Base Andrews, MD
Security Clearance: Active, in-scope US Government issued Top Secret clearance the ability to obtain SCI eligibility
Job Responsibilities:
C3EL is seeking an innovative and highly-driven individual to join our team as an Information System Security Officer
-
Responsible for ensuring appropriate operational security posture is maintained.
-
Implement and enforce all Air Force cybersecurity policies, procedures, and countermeasures.
-
Maintain all authorized user access control documentation IAW applicable AF Records Information Management System (AFRIMS).
-
Ensure software, hardware, and firmware complies with appropriate security configuration guidelines (e.g., Security Technical Implementation Guides (STIGs)/Security Requirement Guides (SRGs)).
-
Ensure proper configuration management procedures are followed prior to implementation and contingent upon necessary approval.
-
Coordinate changes or modifications with the Information System Security Manager (ISSM) and/or the Security Control Assessor (SCA).
-
Initiate exceptions, deviations, or waivers to cybersecurity requirements.
-
Assist the ISSM in meeting duties and responsibilities.
-
Implement and enforce all DoD cybersecurity policies and procedures, as defined by cybersecurity-related documentation.
-
Ensure all users have requisite security clearances and access authorization.
-
Initiate protective or corrective measures when a cybersecurity incident or vulnerability is discovered and ensure a process is in place for authorized users to report all cybersecurity-related events and potential threats and vulnerabilities.
-
Ensure all DoD cybersecurity-related documentation is current and accessible to properly authorized individuals.
-
Implement the Risk Management Framework (RMF) across multiple programs in accordance with the National Institute of Standards and Technology (NIST) and Air Force policy and directives.
-
Develop artifacts and supporting evidence to satisfy all applicable RMF Controls and corresponding Control Correlation Identifiers (CCI’s).
-
Develop and/or update the Plan of Action and Milestones (POA&M) to document all known vulnerabilities to correct or mitigate risks.
-
Manage system authorization packages and ATO’s using Enterprise Mission Assurance Support Service (eMASS).
Minimum Qualifications:
-
A current DoD 8570 IAM Level II certification (CAP, CASP CE, CISM, CISSP, GSLC) is required.
-
Active, in-scope US Government issued Top Secret clearance the ability to obtain SCI eligibility
-
Due to the nature of the work and contract requirements, US Citizenship is required.
Desired Qualifications:
-
IAM Level III Certification (CISM, CISSP, GSLC).
-
Five years direct experience in the last seven years.
-
Functional knowledge of DoD and Air Force cyber policies and directives.
-
Knowledge of US Government security regulations and methodologies, FISMA, FedRAMP, and NIST special publications.
-
Experience creating DOD RMF packages and associated work products and managing them through the program lifecycle.
-
Familiar with eMASS and associated workflows.
-
Familiarity with the coalition and multi-national information sharing systems, policies, and environments.
-
Experience with the Cross Domain Solution (CDS) authorization process.
Education:
-
Bachelor's Degree in a related discipline (e.g. Computer Science, Computer Information Systems, Math, Engineering).
-
With at least fifteen years of general experience of which ten years is directly related experience, a degree is not required.