If you want to work for an organization where you can truly make important contributions to the Nation while gaining experience and knowledge in numerous leading technologies, please apply now for consideration. IDA has excellent benefits, competitive compensation, and is a great place to work.
The Information Systems Security Officer (ISSO) works closely with the Information Systems Security Manager (ISSM) to support the daily operations of the information security program. The ISSO primarily ensures that an appropriate operational security posture is maintained for standalone systems. The ISSO monitors these systems and their operational environment and must have the detailed technical knowledge and expertise required to manage the security aspects of these systems.
Secret Clearance or above is required for this position.
Responsibilities:
- Serves as Information Systems Security Officer under the guidance of the ISSM or alternate ISSM.
- Assists ISSM with developing, reviewing, and maintaining information systems security plans (SSPs) and supporting documents in accordance with DoD mandated policies.
- Performs manual and system level audit reviews of systems to track security events including any signs of inappropriate or unusual activity, data transfers, etc. Reports any findings to the ISSM.
- Performs recurring self-assessments on all systems under their purview to ensure compliance with documented security requirements and to detect any system level vulnerabilities. Prepares a summary report of the findings and ensures proper protection and / or corrective measures are taken.
- Provides physical and environmental protection, personnel security, incident handling, and security training and awareness. The ISSO plays an active role in monitoring a system and its environment of operation to include developing and updating the system security plan (SSP), managing and controlling changes to the system, and assessing the security impact of those changes.
- Implements and enforces information security policies and procedures.
- Performs the steps involved in the execution of the Risk Management Framework (RMF), including generation of documentation, controls compliance testing, and continuous monitoring activities for stand-alone systems.
- Works with IT to assist the ISSM in performing an initial system assessment to ensure that required security controls are implemented and operating correctly before a system is authorized for production.
- Ensures IT staff and users follow established information security policies and procedures to protect, operate, maintain, and dispose of systems and data in accordance with security policies and practices as outlined in the assessment and authorization packages.
- Confirms IT staff continuously apply system patches, service packs, and anti-virus updates to all systems.
- Notifies IT staff when a user account is to be created, modified, disabled, or removed from a system.
- Participates in IDA change management processes for authorizing use of hardware / software on an information system. Evaluates proposed changes against Government security requirements and recommends approval or denial based on a security impact analysis.
- Participates in inspections and incident response.
- Executes elements of IDA information systems security, education, training, and awareness programs.
- Clearly communicates to all users, including security personnel, IT staff, and managers, the proper procedures for protecting classified information and the systems that process that information. Training prior to initial system access and periodically thereafter includes proper system usage, physical security, data transfers, media protection, etc.
- Performs other duties as assigned.

- Bachelor's degree in an IT-related or similar relevant field; OR, two years of experience in a similar systems security role or experience in related IT or systems security disciplines.
- Experience in a similar systems security role or experience in related IT or systems security disciplines is highly preferred.
- Candidate must have the following Information Assurance certifications or security training or obtain the certificates within 6 months of hire:
  - DSS NISPOM Risk Management Framework Courses
  - DoD 8570.01-M certification at IAT Level 2, such as Security+
- Understanding of the technical configurations of Windows and other operating systems is desirable.
- Understanding of Windows and Linux event logs is desirable.
- Knowledge of compliance checking tools preferred.
- Customer service skills, including good interpersonal skills and the ability to communicate effectively with all levels of employees.
- Secret Clearance or above is required for this position.
- Successful completion of a criminal background check is required.
U.S. Citizenship is required.
Ability to obtain and maintain a security clearance is required.
Equal Opportunity Employer