The Information Systems Security Auditor (ISSA) works closely with the Information Systems Security Manager (ISSM) to support the daily operations of the information security program. Assists in maintaining the security posture of information systems; which includes physical and environmental protection, personnel security, incident handling, and security training and awareness. The ISSO plays an active role in monitoring a system and its environment of operation to include developing and updating the system security plan (SSP), managing and controlling changes to the system, and assessing the security impact of those changes.
Serves as Information Systems Security Auditor under the guidance of the ISSM.
- Implements and maintains a formal information systems security program.
- Assists with developing, reviewing, maintaining and overseeing information systems security plans (SSPs) and Assessment/Authorizations in accordance with DoD mandated polices.
- Conducts audit reviews of systems to track multiple events including any signs of inappropriate or unusual activity, data transfers, etc. Performs recurring self-assessments on all systems under their purview to ensure compliance with documented security requirements and to detect any system level vulnerabilities.
Implements and enforces information security policies and procedures.
- Performs the steps involved in the execution of the Risk Management Framework (RMF), including generation of documentation, controls compliance testing, and continuous monitoring activities for systems.
- Works with IT to assist the ISSM in performing an initial system assessment to ensure that required security controls are implemented and operating correctly before a system is authorized for production.
- Ensures IT staff and users follow established information security policies and procedures to protect, operate, maintain, and dispose of systems and data in accordance with security policies and practices as outlined in the assessment and authorization packages.
- Confirms IT staff continuously apply system patches, service packs, and anti-virus updates to all systems
- Notify IT Staff when a user account is to be created, modified, disabled, or removed from a system
- Participates in IDA change management processes for authorizing use of hardware / software on an information system.
Participates in inspections and incident response.
- Executes established procedures for responding to security incidents and investigating and reporting security violations and incidents as appropriate.
- Ensures proper protection and / or corrective measures are taken when an incident or vulnerability has been discovered, and reported and documented as required.
- Participates in risk and vulnerability assessments.
Executes elements of IDA information systems security, education, training, and awareness programs.
- Clearly communicates to all users, including security personnel, IT staff, and managers the proper procedures for protecting classified information and the systems that process that information. Training prior to initial system access and periodically after includes proper system usage, physical security, data transfers, media protection etc.
Performs other duties as assigned.
- Bachelor's degree in an IT-related or similar relevant field or equivalent experience.
- At least two years of experience in a similar systems security role or experience in related IT or systems security disciplines..
- Candidate must have the following Information Assurance certifications or security training or obtain the certificates within 6 months of hire:
- DSS NISPOM Risk Management Framework Courses
- DOD 8570.01-M certification at IAT level 2, such as Security +
- Understanding the technical configurations of Windows and other operating systems is desirable.
- Understand Windows and Linux event logs is desirable.
- Knowledge of compliance checking tools preferred.
- Customer service skills, including good interpersonal skills and the ability to communicate effectively with all levels of employees.
- Candidate must possess an Active Secret clearance. Top Secret with SCI eligibility is preferred.
- Successful completion of a criminal background check is required.
U.S. Citizenship is required
Ability to obtain and maintain a security clearance is required
IDA is an equal opportunity employer committed to providing a fair recruiting process and working environment free from discrimination. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identify, national origin, disability or protected veteran status. Click here to learn more about IDA's commitment to diversity, equity, and inclusion.