Please note that this is an 11-month contract position.
Perform ISSO duties as outlined in the DHS 4300A and/or CBP HB 1400-05D in support of the C&A (Certification and Accreditation) process. ISSO duties may include reviewing security solutions and interpreting security policies as they relate to specific security infrastructure, architectures and information systems (ISs). Monitor the security posture of the system using DHS and CBP policies and Federal Information Security Management Act (FISMA) guidance; participate in appropriate actions identified in the DHS 4300A, CBP HB 1400-05D (most current version) and applicable SOPs to certify, accredit and maintain compliance of each IS; notify the ISSO Branch Chief/Information Systems Security Manager (ISSM) when an assigned system requires accreditation or reaccreditation. Contact the CBP Security and Technology Policy (STP) Security Authorization (SA) Team ten months prior to ATO expiration to schedule the reaccreditation kick-off meeting; lead/perform the C&A process/reaccreditation of the applicable system in accordance with (IAW) the DHS 4300A, CBP HB 1400-05D and the project work schedule outlined by STP; conduct self-assessments per DHS/CBP policy of CBP major applications and general support systems, that include vulnerabilities identified at Contractor/consultant facilities. IAW the DHS 4300A, the CBP HB 1400-05D, and program SOPs, the ISSO will acknowledge receipt of Information System Vulnerability Management (ISVM) messages, report compliance with requirements and/or notify the ISSO Branch Chief/Information Systems Security Manager (ISSM) of a POA&M creation for those vulnerabilities that are not remediated IAW the policies stated above.
Perform annual reviews/updates to CBP major applications and general support systems as specified by the appropriate DHS/CBP policy; provide policy and security advice to systems designers, implementers and operators; assist in the investigation of security violations and incidents as requested by the Computer Security Incident Response Center (CSIRC); be knowledgeable on current Federal, National, DHS and CBP standards, policies, requirements and procedures; perform reviews of all ENSB-initiated Change Requests (CRs), verifying that proposed changes adhere to security standards; provide asset updates to the Vulnerability Assessment Team (VAT) and System Security Plan (SSP) as assets are added, removed, and/or modified.

Maintain System Documentation: Draft, review and submit for Government approval all information systems security plans and other C&A artifacts as required by DHS 4300A/CBP HB 1400-05D. These artifacts include but are not limited to the development of the following documents: ISSO designation letters; System Owner letters; Privacy Threshold Determination (PTA); Privacy Impact Assessment (PIA); E-Authentication Determination; Controls Testing (Security Test and Evaluation (ST&E)) Plan; ST&E Plan Test Results; Authorization to Operate (ATO) Authorization Letter; Self-Assessment NIST SP 800-53 Guide for Information Security Program Assessments and System Reporting Form; Standards for Security Categorization of Federal Information and Information Systems (FIPS 199) Assessment; Risk Assessment; System Security Plan; Contingency Plan; Contingency Plan Test and Test Results; ST&E Security Assessment report; Plan of Action & Milestones (POA&Ms). Review and update the System Security Plan annually or when significant system changes occur; review, update, and develop the Interconnection Security Agreement (ISA) (as applicable); complete/update a NIST SP 800-26 or NIST SP 800-53 review for each major application, LAN(s), or general support system on a yearly basis.
For consideration, please reference job number 3518
San Francisco, CA