The Information Systems Security Officer (ISSO) is responsible for the Cybersecurity/Risk Management Framework (RMF) posture of classified/unclassified programs, following government directives and program requirements. The ISSO closely interfaces and collaborates with government customers, system owners, Cybersecurity/Information Assurance (IA) professionals, System Administrators, and the engineering community on compliance and configuration change management. The ISSO's primary focus is ensuring information systems' confidentiality, integrity, and availability. The ISSO is a vital contributor to the program and operates in a highly dynamic and fast-paced environment.
Responsibilities
- Leads Cybersecurity/IA efforts by establishing or validating the system, its functions, information types, operating environments, and security requirements
- Coordinates with Government, customers, partners, and Authorization Officials (AO) to prepare systems for Assessment & Authorization (A&A) following established NIST guidelines
- Creates and maintains A&A/RMF documentation: Security Plan, Plan of Action & Milestones (POA&M), Software/Hardware Inventory, Network diagrams, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, and Configuration Management
- Monitors and refines cybersecurity requirements and ensures that the requirements are effectively integrated into information systems throughout the System Development Life Cycle (SDLC)
- Provides continuous security monitoring of unclassified/classified systems
- Applies current computer science technologies to the development, evaluation, and integration of computer systems and networks to maintain system security for unclassified/classified information systems
- Develops and maintains all DoD requirements, including the DAAPM & Risk Management Framework (RMF) standards, to ensure compliance with the National Industrial Security Program Operating Manual (NISPOM)
- Assists in the development and implementation of policies and System Security Plans supporting government agency requirements
- Works in a fast-paced production environment with the ability to handle multiple competing tasks and demands simultaneously
- Conducts security control assessments; reviews the adequacy of the security controls and their ability to protect the system and its information; tailors the security controls to ensure compliance
- Supports cybersecurity activities concerned with technical development, scheduling, and resolving engineering design and test problems
- Participates in proposal efforts containing Cybersecurity/IA-related SOW/tasks to address scope, capability, cost, schedule, and resources
- Reads, interprets, and implements Cybersecurity/IA regulations and requirements; develops and maintains managerial, operational, and technical Cybersecurity/IA skillset
- Collaborates with security managers (both government and local), other SSEs and SSMs to define, improve, implement and maintain information security policies, strategies, and procedures
- Supports Corporate-wide Security initiatives
Qualifications
- Bachelor's Degree, ideally in Information System Security, Computer Science, Cybersecurity, or equivalent related experience
- 7+ years of hands-on experience in System Security or Cybersecurity/Risk Compliance
- Certifications: CISSP, CISA, CISM, CASP, CEH, and Security+
- Completion of the DSS CDSE/STEPP RMF Training
- Must have an in-depth knowledge of the security authorization processes and procedures defined in the Risk Management Framework and be familiar with the CNSSI 1253, NIST SPs 800-37, 800-53, etc.
- Must have experience in several of the following areas: knowledge of current security tools; hardware/software security implementation; different communication protocols; and encryption techniques/tools
- Substantial communication and interpersonal skills to advise customers of DoD and company industrial security policies and procedures
- Experience with development documentation for systems down to the technical component, software, firmware, and interface level
- Demonstrates ability to follow engineering processes and verify technical requirements
- Ability to work under pressure and with limited supervision and work well with others in a large and diverse environment
- Ability to successfully prioritize and manage to completion multiple complex tasks and deliverables, and demonstrate the highest degree of integrity and accountability in all actions
Engenium is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.