DNI (Delaware Nation Industries)
Information Systems Security Officer - 201810
DNI (Delaware Nation Industries), Oklahoma City, Oklahoma, United States, 73116
Information Systems Security Officer
Delaware Nation Industries/Unami works with the Oklahoma City Air Logistics Complex (OC-ALC) located at Tinker AFB, OK to provide on-site cybersecurity support services to maintain an Authority to Operate (ATO) for all OC-ALC systems, applications, and networks using the NIST Risk Management Framework (RMF) per DoDI 8510.01, Risk Management Framework (RMF) for DoD Information and AFI 17-101, Risk Management Framework (RMF) for Air Force Information Technology.
An Active Security Clearance Is REQUIRED.
A Security+ Certification is REQUIRED.
This position is 100% onsite.
Responsibilities
Document and maintain controls, appendices, and document attachments under NIST SP 800-53 Rev. 4 & 5 for all DSS and IDM systems and sub-systems
Document and maintain inheritable common controls catalog for to document controls offered to applications or systems hosted on multi-cloud platform
Ensure common controls are available for all hosted systems to inherit and maintain
Assist in the development and maintenance of System Security Plans (SSP) and security controls assessments, and organizational policy
Update the SSP and server documentation and provide the ISSO to update security artifacts and the baseline documentsUpdate POA&Ms throughout the POA&M lifecycle till closure for all system controls
Provides high-level functional systems analysis, design, integration, documentation, and implementation advice on moderately complex cybersecurity problems that require an appropriate level of knowledge of the subject matter for effective implementation
Serves as the IT security POC for assigned systems to ensure information systems comply with applicable policies
Ensures security activities are implemented throughout the entire SDLC, including during system changes and modifications
Provides audit support by developing the appropriate responses to audit questionnaires and remediation recommendations of audit report findings
Coordinates with appropriate stakeholders and system owners to ensure all NIST 800-53 controls are properly implemented and assessed during the steps of the ATO lifecycle
Ability to conduct an analysis of the NIST SP 800-53 rev. 5 controls and identify controls that can be automated
Ensures all systems are operated, maintained, and disposed of IAW documented security policies and procedures, including but not limited to Assessment & Authorization (A&A)
Supports the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Testing, POA&Ms, and incident reports
Qualifications
At least 2+ years of related experience
Detailed knowledge of NIST SP 800-53 Rev. 4 & 5, Security Policies, NIST Risk Management Framework, eMASS, Security Planning and Architecture, Incident Analysis, and General Security Best Practices
Knowledge of NIST regulatory compliance requirements
Deep knowledge of the information security principles
Experience developing Information Security policies and procedures
Experience performing A&As and supporting the Risk Management Framework lifecycle
Ability to communicate, both written and orally, to both technical and non-technical stakeholders
Strong written and oral communication skills to interact with senior managers, junior staff, and business unit (non-technical) customer
Benefits
Covers 100% of employee benefit premiums, including Medical (PPO or HDHP Option), Vision, Dental
Matching 401K
Short- and Long-Term Disability
Pet Insurance
Professional Development/Education Reimbursement
Parking and Transit Benefits for NY, NJ, ATL, and DC Metro areas
#J-18808-Ljbffr
An Active Security Clearance Is REQUIRED.
A Security+ Certification is REQUIRED.
This position is 100% onsite.
Responsibilities
Document and maintain controls, appendices, and document attachments under NIST SP 800-53 Rev. 4 & 5 for all DSS and IDM systems and sub-systems
Document and maintain inheritable common controls catalog for to document controls offered to applications or systems hosted on multi-cloud platform
Ensure common controls are available for all hosted systems to inherit and maintain
Assist in the development and maintenance of System Security Plans (SSP) and security controls assessments, and organizational policy
Update the SSP and server documentation and provide the ISSO to update security artifacts and the baseline documentsUpdate POA&Ms throughout the POA&M lifecycle till closure for all system controls
Provides high-level functional systems analysis, design, integration, documentation, and implementation advice on moderately complex cybersecurity problems that require an appropriate level of knowledge of the subject matter for effective implementation
Serves as the IT security POC for assigned systems to ensure information systems comply with applicable policies
Ensures security activities are implemented throughout the entire SDLC, including during system changes and modifications
Provides audit support by developing the appropriate responses to audit questionnaires and remediation recommendations of audit report findings
Coordinates with appropriate stakeholders and system owners to ensure all NIST 800-53 controls are properly implemented and assessed during the steps of the ATO lifecycle
Ability to conduct an analysis of the NIST SP 800-53 rev. 5 controls and identify controls that can be automated
Ensures all systems are operated, maintained, and disposed of IAW documented security policies and procedures, including but not limited to Assessment & Authorization (A&A)
Supports the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Testing, POA&Ms, and incident reports
Qualifications
At least 2+ years of related experience
Detailed knowledge of NIST SP 800-53 Rev. 4 & 5, Security Policies, NIST Risk Management Framework, eMASS, Security Planning and Architecture, Incident Analysis, and General Security Best Practices
Knowledge of NIST regulatory compliance requirements
Deep knowledge of the information security principles
Experience developing Information Security policies and procedures
Experience performing A&As and supporting the Risk Management Framework lifecycle
Ability to communicate, both written and orally, to both technical and non-technical stakeholders
Strong written and oral communication skills to interact with senior managers, junior staff, and business unit (non-technical) customer
Benefits
Covers 100% of employee benefit premiums, including Medical (PPO or HDHP Option), Vision, Dental
Matching 401K
Short- and Long-Term Disability
Pet Insurance
Professional Development/Education Reimbursement
Parking and Transit Benefits for NY, NJ, ATL, and DC Metro areas
#J-18808-Ljbffr