VetJobs
INFORMATION SYSTEM SECURITY OFFICER (ISSO) III (Req 25 066)
VetJobs, Phila, Pennsylvania, United States, 19117
Job Description
Responsibilities:
Assists the Information System Security Managers (ISSM) in executing their duties and responsibilities. Ensures compliance with all cybersecurity policies. Ensures relevant Cybersecurity (CS) policy and procedural documentation is current and accessible to properly authorized individuals. Coordinates cybersecurity processes and activities for assigned systems. Maintains and reports Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers, Information System Owners, and ISSMs. Provides oversight of Security Plans for assigned systems throughout their lifecycle. Manages and maintains Plan of Actions and Milestones (POA&M), ensuring vulnerabilities are properly tracked, mitigated, and where possible, remediated. Assists with the identification of security control baselines and applicable overlays. Coordinates the validation of security controls with Navy Qualified Validators (NQV). Performs Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews. Adjudicates findings from Package Submitting Officer (PSO). Registers and maintains systems in Enterprise Mission Assurance Support Service (eMASS). Plans and coordinates security control testing during Risk Assessments and Annual Security Reviews. Reports changes in system security posture to the ISSM. Ensures the execution of Continuous Monitoring related requirements as defined in the System Level Continuous Monitoring (SLCM) Strategy. Reviews all data produced by Continuous Monitoring activities, updates the eMASS record as necessary, and escalates to leadership for action, if required. Correlates findings from non-RMF vulnerability assessments, penetration testing, Command Cyber Operational Readiness Inspection (CCORI), etc.) to RMF controls for tracking, ensuring a holistic risk assessment. Participates in change control and configuration management processes. Maintains vulnerability data in Vulnerability Remediation Asset Manager (VRAM).
Please go to Openings Amelex to apply for this position.
Certificates/Security Clearances/Other
An Active Secret Security Clearance is required.
Minimum Certification Requirement:
CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP is required.
Additional Qualifications/Responsibilities
Education:
Bachelor's degree in computer science, information technology, communications systems management, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited institution as recognized by the U.S. Department of Education
Experience:
Six (6) years of DoD experience coordinating and enacting required security changes, within various levels of an organization, ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and support cyber incident response by isolating potentially effected assets, initial investigation and data collection, through status updates/reporting.
Responsibilities:
Assists the Information System Security Managers (ISSM) in executing their duties and responsibilities. Ensures compliance with all cybersecurity policies. Ensures relevant Cybersecurity (CS) policy and procedural documentation is current and accessible to properly authorized individuals. Coordinates cybersecurity processes and activities for assigned systems. Maintains and reports Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers, Information System Owners, and ISSMs. Provides oversight of Security Plans for assigned systems throughout their lifecycle. Manages and maintains Plan of Actions and Milestones (POA&M), ensuring vulnerabilities are properly tracked, mitigated, and where possible, remediated. Assists with the identification of security control baselines and applicable overlays. Coordinates the validation of security controls with Navy Qualified Validators (NQV). Performs Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews. Adjudicates findings from Package Submitting Officer (PSO). Registers and maintains systems in Enterprise Mission Assurance Support Service (eMASS). Plans and coordinates security control testing during Risk Assessments and Annual Security Reviews. Reports changes in system security posture to the ISSM. Ensures the execution of Continuous Monitoring related requirements as defined in the System Level Continuous Monitoring (SLCM) Strategy. Reviews all data produced by Continuous Monitoring activities, updates the eMASS record as necessary, and escalates to leadership for action, if required. Correlates findings from non-RMF vulnerability assessments, penetration testing, Command Cyber Operational Readiness Inspection (CCORI), etc.) to RMF controls for tracking, ensuring a holistic risk assessment. Participates in change control and configuration management processes. Maintains vulnerability data in Vulnerability Remediation Asset Manager (VRAM).
Please go to Openings Amelex to apply for this position.
Certificates/Security Clearances/Other
An Active Secret Security Clearance is required.
Minimum Certification Requirement:
CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP is required.
Additional Qualifications/Responsibilities
Education:
Bachelor's degree in computer science, information technology, communications systems management, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited institution as recognized by the U.S. Department of Education
Experience:
Six (6) years of DoD experience coordinating and enacting required security changes, within various levels of an organization, ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and support cyber incident response by isolating potentially effected assets, initial investigation and data collection, through status updates/reporting.