Serve as Information System Security Officer (ISSO) using the Cyber Security Assessment Management (CSAM) tool, providing a functional description of the control implementation. Security control documentation describes how system-specific, hybrid, and common controls are implemented. The documentation formalizes plans and expectations regarding the overall functionality of the information system. The functional description of the security control implementation includes planned inputs, expected behavior, and expected outputs where appropriate, typically for those technical controls that are employed in the hardware, software, or firmware components of the information system.
* Allocate security controls as system-specific, hybrid, or common controls consistent with the enterprise architecture and information security architecture in CSAM.
* Demonstrate the use of sound information system and security engineering methodologies in integrating information technology products into the information system and in implementing the security controls contained in the security plan and CSAM. Document in CSAM how common controls inherited by organizational information systems have been implemented.
* Document in CSAM how system-specific and hybrid security controls have been implemented within the information system taking into account specific technologies and platform dependencies.
* Update all control information in CSAM as part of system migration, removing references to security controls and services no longer used and updating implementation statements in CSAM for new security services, common controls, hybrid controls, and system-specific controls as part of the new hosting environment.
* Complete and execute all system owner or ISSO artifact requirements necessary for change management, configuration management, change control boards, assessment and authorization, and the Enterprise Architecture Review Process.
Required Skills, Experience, and Education:
Bachelor's Degree in a relevant technical/engineering-related field. Minimum of 10 years of experience in Information Security, including CSAM, FISMA, FedRAMP, and the NIST-based Risk Management Framework. An Advanced Degree may substitute for years of experience. Must have good oral and written command of the English language. Must be a US citizen.
6C Public Trust High or a Top Secret
One or more of the following certifications: CISSP*, SSCP*, CAP*, CCSP*, CISA, GIAC, CRISC, CNSS (4011-4016, 4053); *Will accept associate designation
AT&T is an Affirmative Action/Equal Opportunity Employer and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V
Job ID 1933197 Date posted 07/01/2019
AT&T is a provider of telecommunications, media, entertainment, and technology services for consumers, content creators, distributors, and advertisers.