Concordia Technologies is seeking an experienced ISSO to join our team in Huntsville, AL. As an Information Systems Security Officer (ISSO), you will be responsible for ensuring the confidentiality, integrity, and availability of information systems within a government contracting environment. You will play a critical role in safeguarding sensitive government data and adhering to strict compliance regulations. This position offers a stable corporate role, not tied to contracts.
Important Note: This position is only open to those who can obtain and maintain a U.S. security clearance.
Key Responsibilities
- Implement and maintain security controls in accordance with established security policies and procedures.
- Monitor systems for security threats and vulnerabilities.
- Respond to and investigate security incidents.
- Provide security awareness training to system users.
- Coordinate with system owners and administrators to ensure security requirements are met.
- Maintain documentation of security activities and incidents.
- Assist with risk assessments and vulnerability scans.
· Candidate will perform Information Assurance and IT Security tasks to ensure the secure operation of the Concordia Technologies information systems as a part of the Concordia Technologies Information Assurance Operations team reporting to the Concordia Technologies Chief Information Security Officer (CISO).
· Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. This includes process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research, inspections and periodic audits.
· Assists in the implementation of the required government policy (i.e., JSIG, NISPOM, SP 800-171, SP 800-53, RMF) for site-hosted information systems and makes recommendations on process tailoring.
· Performs extensive analyses to validate established security requirements and to recommend additional security requirements and safeguards.
· Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed.
Required Skills
· Active Security Clearance
· Bachelor’s Degree Required
· DoDI 8570 IAM Level II certification (CASP, CAP, CISSP/Associates)
Required Experience
· 5+ years of cumulative experience in DoD information technology and information assurance practices.
· 3+ years of cumulative experience in Authorization & Accreditation (A&A) package management.
· 1+ years of independent experience in all six steps of the Risk Management Framework (RMF) lifecycle.
· 1+ years of experience with Enterprise Mission Assurance Support Service (eMASS) solutions.
· 1+ years of experience using security vulnerability and scanning tools (Retina, ACAS, Nessus, etc.).
· Familiarity with industry information assurance policies and procedures (NIST SP 800-171, 800-37, etc.)
· Experience working both independently and as a team to accomplish short notice, high priority tasks directed by senior leadership.
· Experience applying problem solving techniques to complex government problems related to adapting enterprise solutions to tactical systems and devices.
Desired Qualifications
- Experience working in an organizational Headquarters run by a General Officer/SES.
- Good understanding of the Army’s Information Technology (IT) and Information Assurance (IA) processes, procedures, regulations and governance.
- Desire to learn application of IA concepts and practices to rapid development and prototyping projects.
- Experience applying and adapting traditional IA requirements to non-standard projects and solutions.
- DISA eMASS training preferred
- Bachelor's degree in computer science, information systems, or a related field.
- 2+ years of experience in information security.
- Experience with DoD 8500.01, Risk Management Framework (RMF) requirements, as well as experience in drafting, submitting, and maintaining RMF packages. Experience with Joint Special Access Program (SAP) Implementation Guide (JSIG) packages is required.
- Strong understanding of security principles, concepts, and practices.
- Experience working with eMASS and DCSA RMF process.
- Experience developing and maintaining RMF documents, including System Security Plans (SSP), System Security Checklists, Privacy Impact Assessments, and Authority to Operate (ATO) artifacts.
- Ability to work independently and as part of a team.
- Experience in developing Plan of Action and Milestones (POA&M)
- A current Information Assurance Manager (IAM) Level I or comparable certification in accordance with DoD 8570.01-M
Preferred Qualifications
· Knowledge of monitoring and conducting Security Control Assessments to ensure all controls meet security requirements as stipulated in the SSP, NIST SP 800-53.
· Understanding of the maintenance and inventory process for information security systems.
· Experience in developing waivers and exceptions for information system vulnerabilities.
· Knowledge of quality assurance, quality control, and independent verification and validation techniques.
Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
Concordia Technologies participates in E-Verify.
Job Type: Full-time
License/Certification:
- CISSP (Preferred)
- Certified Information Systems Auditor (Preferred)
Ability to Commute:
- Huntsville, AL 35805 (Required)
Work Location: In person