Diné Development
Information System Security Officer
Diné Development, Washington, District of Columbia, US, 20022
Job Summary: DDC Innovation & Growth is seeking a part-time Information System Security Officer (ISSO) to support the United States Court of Appeals for the Armed Forces (USCAAF) in Washington, DC. This position requires on-site support and offers an opportunity to lead cybersecurity and risk management efforts in alignment with Department of Defense (DoD) and Federal regulations.
The ISSO will provide comprehensive cybersecurity oversight, ensuring the confidentiality, integrity, and availability of USCAAF’s information systems throughout their lifecycle.
*This position is contingent upon contract award.*
Job Duties and Responsibilities
Cybersecurity & Risk Management Framework (RMF)
Manage the full RMF lifecycle per DoDI 8510.01, including the use of Enterprise Mission Assurance Support Service (eMASS) for all A&A documentation.
Prepare, submit, and maintain complete system authorization packages to achieve and maintain Approval to Operate (ATO) status.
Technology Vetting
Develop and enforce a technology review process for all new software, hardware, and cloud services.
Validate compliance with the DoD Approved Products List (APL) and assess potential cybersecurity risks prior to implementation.
Configuration & System Hardening
Maintain and document the authorized hardware/software baselines.
Participate in the Configuration Control Board (CCB) and ensure all changes are properly vetted, tested, and approved.
Implement and maintain configurations per DISA STIGs and Security Requirements Guides (SRGs).
Continuous Monitoring & Vulnerability Management
Conduct vulnerability scanning and compliance monitoring using tools such as ACAS.
Perform hands-on remediation via patching, scripting, and configuration updates within established compliance timelines.
Manage and track Plans of Action and Milestones (POA&Ms) throughout their lifecycle.
Risk Acceptance & Reporting
Develop formal risk acceptance packages for vulnerabilities that cannot be remediated immediately, including justifications and compensating controls.
Maintain continuous communication with government leadership regarding cybersecurity posture, risk, and compliance metrics.
Audit, Incident Response & Contingency Planning
Maintain and review system audit logs per DoD requirements.
Support cybersecurity incident response activities and coordinate with DoD Cyber Incident Response teams as required.
Develop, maintain, and annually test the System Contingency Plan (NIST SP 800-34), documenting outcomes and lessons learned.
Job Requirements (Education/Skills/Experience)
Active DoD Secret clearance (or ability to obtain and maintain one).
DoD 8570/8140 IAM Level II or III certification (e.g., CAP, CASP+, CISSP, CISM).
Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related discipline (or equivalent experience).
5+ years of cybersecurity or ISSO experience supporting DoD or Federal programs.
Proven experience managing RMF processes and using eMASS for A&A documentation.
Familiarity with DISA STIGs, NIST SP 800-series, DoDI 8510.01, and ACAS tools.
Strong understanding of configuration management, vulnerability management, and incident response procedures.
Preferred Qualifications
Experience supporting judicial or defense organizations.
Strong written communication skills and ability to prepare formal cybersecurity documentation.
Position Details
Location: On-site, Washington, DC
Schedule: Part-time
Clearance: Secret (Active or Interim acceptable)
Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists build client‑centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission‑focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC’s ability to unite legacy‑inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.