Information System Security Officer (ISSO)

TS/SCI with Poly Required

The Information System Security Officer (ISSO) is responsible for working with system owners and project managers to facilitate and provide guidance on achieving Approval to Operate (ATO) through the customer’s formal Risk Management Framework (RMF) and the Assessment and Authorization (A&A) process. The selected candidate will need to apply technical experience to understand details of complex technical network design and deployment methodologies. The selected candidate will assist in providing cybersecurity and data protection policy interpretation and guidance to a small team of mission-focused network and systems engineers as well as to other non-technical partners across the organization. The ability to solicit and interpret needed information for engineers is key.

Duties:

  • Understand and determine requirements for approvals.
  • Understand and determine requirements for Accreditation and Authorization process
  • Familiarity with customer risk management framework and enterprise accreditation tools.
  • Work with ISSM staff for policy guidance with the ultimate goal of approval to operate while protecting the systems from disclosure.
  • Work with ISSM to determine the appropriate amount of information that can be stored in mandatory enterprise systems consistent with program guidelines.
  • Create, coordinate, and submit all required artifacts for accreditation
  • Engage with on-site engineers and off-site vendors to advise and document security designs
  • Work with teams to ensure adequate INFOSEC considerations are introduced
  • Identify deficiencies in INFOSEC considerations in existing systems and work to document, mitigate, or accept the risk of identified issues
  • Advise team of critical security vulnerabilities and system patches when released by vendors
  • Track deployment of security patching on systems
  • Ensure system scanning is completed and, when possible, compliant with customer policies
  • Track, triage, and address system POA&Ms
  • Keep up to date on critical vulnerabilities in customer platforms and translate them into patching requirements for system engineers.
  • Demonstrate the following:
    • Ability to manage/prioritize multiple project requirements and work in a team environment or independently with good judgment and personal initiative.
    • Ability to deliver comprehensive briefings that convey complex concepts and/or technical information regarding information security issues clearly and concisely to both technical and non-technical audiences.
  • Maintain appropriate technical training to ensure skills are kept current with evolving technology
  • Perform other duties as assigned at the direction of Project Management

Required Skills

  • Willingness to travel around WMA for meetings and 1 to 2 CONUS trips per year
  • Experience reviewing, approving and/or developing security plans for IT projects and developing security measures to safeguard information against accidental or unauthorized modification, destruction or disclosure
  • Demonstrated understanding of information systems, system development, network architecture and cyber security, including information security protocols and software
  • Ability to communicate the customer’s information security policies vision, goals and objectives; encouraging open and honest communication
  • Demonstrated understanding of the customer’s accreditation tools
  • Experience with the customer’s Assessment and Authorization process
  • Experience working with customer’s ISSM staff

Desired Skills (Optional)

  • Experience with customer’s specialized networks
  • Experience in procurement and setting up of specialized communication solutions
  • Cyber security certifications such as Certified Information System Security Professional (CISSP), Security+ or similar
