What you will be doing The Information Systems Security Officer (ISSO) is responsible for establishing, implementing, and maintaining information security policies, standards, and procedures to ensure the confidentiality, integrity, and availability of information systems.
The ISSO will work through the Risk Management Framework (RMF) Steps 1-6 to initially obtain and thereafter maintain necessary Interim Authority to Test (IATT)/Authority to Operate (ATO) decisions for Cloud-Based classified systems from the Cognizant Authorization Officials (AO), including Space AO and Defense Counterintelligence Security Agency (DCSA).
The ISSO must adhere to CNSSI 1253, NIST SP 800-53, NIST SP 800-60, and other Federal Regulations to build out policies and procedures that enforce an effective, secure, and compliant Information Security Program, working closely with the ISSM and FSO in these efforts.
Key Responsibilities:
- Security Policy Development and Implementation:
- Develop and enforce information security policies, standards, and procedures in accordance with CNSSI 1253, NIST SP 800-53, and other applicable Space or Federal regulations.
- Ensure that security policies are up-to-date and reflect current threats and vulnerabilities.
- Risk Management and Assessment:
- Conduct regular risk assessments and vulnerability assessments to identify potential security threats.
- Implement risk mitigation strategies and manage the risk management framework.
- Compliance and Audit Management:
- Ensure and maintain IATT and ATO requirements through the RMF Steps.
- Prepare for and execute formal assessments with Government Security Control Assessors in support of achieving and maintaining ATOs.
- Exercise Continuous Monitoring of employed security controls to ensure comprehensive and effective implementation over time.
- Incident Response and Management:
- Develop and maintain an Incident Response Plan, partnering with Government Customers/Prime/Subcontractors for reporting procedures.
- Lead incident response activities, including investigation, containment, and remediation of security incidents.
- Investigate and adjudicate SIEM events.
- Security Training and Awareness:
- Develop and conduct security training and awareness programs for Users on classified Information Systems.
- Ensure all personnel are aware of their security responsibilities and understand the importance of maintaining security standards.
- System Security Plans (SSPs):
- Create and maintain System Security Plans within eMASS (SECRET and/or UNCLASS), collecting all required artifacts (Compliance and Vulnerability reports, documented Policies/Procedures, etc.)
- Ensure that SSPs are regularly reviewed, updated, and compliant with regulatory requirements.
- Collaboration and Communication:
- Work closely with IT System Admins, compliance, and other departments to ensure cohesive and comprehensive security strategies.
- Serve as a point of contact for security-related issues and provide guidance and support to other teams.
- Continuous Improvement:
- Stay up-to-date with the latest security trends, technologies, and regulatory requirements.
- Continuously improve security measures and processes to protect information systems effectively.
Qualifications:
- Clearance: Must have Active SECRET Clearance, TS/SCI preferred.
- Education: Bachelor's degree in Information Security, Computer Science, or a related field.
Experience:
- 5+ years of experience in information security with Space AO and DCSA.
- Proven experience in leading the management and implementation of an Information Security Program.
Technical Skills:
- Strong understanding of security frameworks and standards for RMF, CNSSI, and NIST.
- Proficiency in security tools and technologies, such as SIEM, IDS/IPS, STIG Hardening, and vulnerability management solutions.
- Exposure to technologies and concepts including Kubernetes Containerization, AWS Secret Environment and Tooling, CI/CD pipelines, and Secure Network Architecture.
Certifications: Must have IAT Level II Certification (CompTIA Sec+ or Comparable) or preferred IAT Level III (CISSP, CISM, or Comparable).
Soft Skills:
- Excellent communication and interpersonal skills.
- Strong analytical and problem-solving abilities.
Ability to manage multiple projects and priorities in a fast-paced environment.
ITAR REQUIREMENTSTo conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. a7 1157, or (iv) Asylee under 8 U.S.C. a7 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.
