Provide on-site Information System Security Officer (ISSO) and/or Information Assurance Officer (IAO) support to our Navy customer.
Essential Job Functions:
Ensure proper Configuration Management procedures are followed prior to implementation and contingent upon an established approval process.
Initiate requests for temporary and permanent exceptions, deviations, or waivers to IA/C requirements.
Advise appropriate senior leadership or Authorizing Official of changes affecting the IA/C posture of the organization and its programs.
Assure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals.
Collect and maintain data needed to meet system IA/C reporting.
Define and/or implement policies and procedures to ensure protection of critical infrastructure (as appropriate).
Ensure plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, and inspections (RMF controls, JSIG Rev 4, SSP & POA&M).
Ensure that IA/C inspections, tests, and reviews are coordinated for the network environment.
Ensure that IA/C requirements are integrated into the continuity planning for that system and/or organization(s).
Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level IA architecture.
Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
Evaluate cost-benefit, economic, and risk analyses in the decision-making process.
Identify security requirements specific to an IT system in all phases of the System Life Cycle.
Participate in an information security risk assessment during the Security Assessment and Authorization process.
Participate in the acquisition process as necessary, following appropriate supply chain risk management practices.
Participate in the development or modification of the computer environment IA security program plans and requirements.
Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents.
Recognize a possible security violation and take appropriate action to report the incident, as required.
Recommend resource allocations required to securely operate and maintain an organization.
Supervise or manage protective or corrective measures when an IA incident or vulnerability is discovered.
Support necessary compliance activities (e.g., ensure system security configuration guidelines are followed and compliance monitoring occurs).
Due to the sensitivity of customer related requirements, U.S. Citizenship is required.
A high school diploma with 16 years of professional experience is required. An Associate's degree with 10 plus years of relevant experience or a Bachelor's degree with 8 plus years of relevant experience will also be considered.
Acquire and maintain security clearance and Single Scope Background Investigation (SSBI).
Knowledge of Federal, DoD, and U.S. Navy Guidance.
Experience with general IA/C tools (Splunk/Qmulos) and Continuous Monitoring (CONMON).
Knowledge of Federal, DoD, and USMC Guidance (DoDD 8500.1, DoDI 8500.2), DITSCAP, DIACAP, NIACAP, NIST 800-53, and Certification Accreditation processes.
DoD 8570 IAT Level I certification (Security+).
Top Secret Clearance.
DoD 8570 IAT Level II (SANS Security Essentials, CISSP), IASO Training, or equivalents.
Knowledge of Risk Management Framework, eMASS, ACAS, HBSS, Nessus.