Location: Fort Meade, MD

US Citizenship Required for this Position: Yes

Relocation Assistance: No relocation assistance available

Clearance Type: Secret

General

Program-level Information System Security Officer who conducts the actions necessary to support implementation of the Risk Management Framework (RMF), as well as the successful award of an Authorization to Operate (ATO) through the Assessment & Authorization process.

Education and Experience

  • Bachelor’s Degree
  • 5+ years of experience
  • Security+ or CISSP Certification required.

Responsibilities

  • Work closely with the DISA PM and ISSM to achieve system accreditation and maintain compliance of information systems, to include:
    • Assessing RMF controls within eMASS.
    • Preparing and maintaining security documentation.
    • Supporting Assessment & Authorization actions.
    • Vulnerability Management on information systems, to include:
      • Documenting vulnerabilities as they are identified.
      • Tracking corrective/remediation efforts as they move through the configuration management process.
      • Documenting final remediation/fix actions.
      • Developing Plans of Action & Milestones (POA&M).
      • Validating configuration management, testing, and maintenance actions meet the Change Control RMF requirements.
  • Continuous monitoring of program level compliance and the creation of compliance summary reports.
  • Integration with the ISSM as a program-level ISSO, providing support/updates as required to ensure the ISSM has continuous awareness of the program’s Cybersecurity posture.
  • Collect and maintain data needed to meet cybersecurity reporting, to include DTO monitoring and response.
  • Integration with the Security Control Assessor Representative (SCAR), and other representatives of the Risk Management Executive office, to support accurate Assessment & Authorization activities.
  • Track audit findings/after action recommendations to ensure that appropriate mitigation/remediation/corrective actions are taken.
  • Assist in the development and creation of Directorate and Program level Policies and Procedures.
  • Assist in the determination of Cost/Benefit and Risk analyses to support PMO decisions.
  • Development and implementation of executive/leadership briefs relating to Cybersecurity and/or RMF compliance.

REQUIRED QUALIFICATIONS

  • Active Secret Clearance required
  • Security+ or CISSP Certification required
  • Knowledge of DoD’s Risk Management Framework (RMF), writing to controls within, and the identification of compelling evidence for compliance
  • Knowledge of eMASS, as the official repository of RMF information
  • Proficiency in developing, executing and monitoring Plan of Action and Milestones (POA&Ms) for the system
  • Detailed knowledge of DISA’s Customer Interaction Center program, architecture and issues
  • Minimum of 5 years of experience in working with the DISA CIC program

DESIRED QUALIFICATIONS

  • Current CISSP
  • Knowledge of NIST, and the publications directly related to RMF, to include NIST SP 800-53
  • Previous experience working with DISA
  • Knowledge of applicable STIGs, SRG, ACAS SCAN and DISA End Point Security Service (ESS)
  • Previous experience as a System Administrator

 

Apply Now: https://www.clearancejobs.com/jobs/7541818/information-system-security-officer