Information Systems Security Officer (entry level ISSO)
Alexandria, VA

Job Description

Overview

The Information Systems Security Officer (ISSO) works closely with the Information Systems Security Manager (ISSM) to support the daily operations of the information security program. The ISSO primarily ensures that an appropriate operational security posture is maintained for standalone systems. The ISSO monitors these systems and their operational environment and must have the detailed technical knowledge and expertise required to manage the security aspects of these systems.

Responsibilities also include physical and environmental protection, personnel security, incident handling, and security training and awareness. The ISSO plays an active role in monitoring a system and its environment of operation to include developing and updating the system security plan (SSP), managing and controlling changes to the system, and assessing the security impact of those changes.

Responsibilities

Serves as Information Systems Security Officer under the guidance of the ISSM or alternate ISSM.

* Implements and maintains a formal information systems security program.
* Assists with developing, reviewing, maintaining and overseeing information systems security plans (SSPs) and Assessment/Authorizations in accordance with DoD-mandated policies.
* Performs manual and system level audit reviews of systems to track multiple events including any signs of inappropriate or unusual activity, data transfers, etc. Reports any findings to the ISSM.
* Performs recurring self-assessments on all systems under their purview to ensure compliance with documented security requirements and to detect any system level vulnerabilities. Prepares a detailed report of the findings and ensures proper protection and / or corrective measures are taken immediately, or develops a Plan of Action and Milestones (POAM) to document planned actions.
* Interacts directly with US Government Security Control Assessors (SCAs) during on-site assessments to demonstrate compliance with technical configuration requirements and implementation and enforcement of written security policy.
* Continuously updates all required system documentation, including the SSP, POAM, Risk Assessment Report, and system component inventories.

Implements and enforces information security policies and procedures.

* Performs the steps involved in the execution of the Risk Management Framework (RMF), including generation of documentation, controls compliance testing, and continuous monitoring activities for stand-alone systems.
* Works with IT to assist the ISSM in performing an initial system assessment to ensure that required security controls are implemented and operating correctly before a system is authorized for production.
* Ensures IT staff and users follow established information security policies and procedures to protect, operate, maintain, and dispose of systems and data in accordance with security policies and practices as outlined in the assessment and authorization packages.
* Participates in IDA change management processes for authorizing use of hardware / software on an information system. Evaluates proposed changes against Government security requirements and recommends approval or denial based on a security impact analysis.
* Reviews and ensures implementation of bulletins and advisories that impact the security posture of information systems covered by SSPs.

Participates in inspections and incident response.

* Executes established procedures for responding to security incidents and investigating and reporting security violations and incidents as appropriate.
* Ensures proper protection and / or corrective measures are taken when an incident or vulnerability has been discovered, and that it is reported and documented as required.
* Participates in risk and vulnerability assessments.

Executes elements of IDA information systems security, education, training, and awareness programs.

* Clearly communicates to all users, including security personnel, IT staff, and managers, the proper procedures for protecting classified information and the systems that process that information. Training prior to initial system access and periodically after includes proper system usage, physical security, data transfers, media protection, etc.

Performs other duties as assigned.

Qualifications

* Bachelor's degree in an IT-related or similar relevant field; OR, two years of experience in a similar systems security role or experience in related IT or systems security disciplines.
* Experience in a similar systems security role or experience in related IT or systems security disciplines is highly preferred.
* Candidate must have the following Information Assurance certifications or security training, or obtain the certificates within 6 months of hire:
  * DSS NISPOM Risk Management Framework Courses
  * DoD 8570.01-M certification at IAT level 2, such as Security+
* Higher-level certifications such as CISM or CISSP strongly desired.
* Understanding the technical configurations of Windows and other operating systems is desirable.
* Understanding of Windows and Linux event logs is desirable.
* Knowledge of compliance checking tools preferred.
* Customer service skills, including good interpersonal skills and the ability to communicate effectively with all levels of employees.
* Top Secret Clearance is required for this position.
