Senior Information Systems Security Officer (ISSO)/PM with Security Clearance, Cape Fox Shared Services, Reston, VA
Cape Fox Shared Services -
Reston, VA,
US
Senior Information Systems Security Officer (ISSO)/PM with Security Clearance
Date Posted: 2024-05-30
Job description
Work Location: Reston, VA; work may also be performed at locations in the Washington, DC National Capital Region (NCR) (i.e., The District of Columbia; Arlington, Fairfax, Loudon, Prince William, and Stafford counties in VA (including incorporated cities) and Prince George and Montgomery Counties in Maryland and at additional CONUS Government locations to meet support of combatant commanders, as needed. Cape Fox is seeking a highly qualified professional to join our team in support of a government customer. We are looking for Senior Information Systems Security Officer (ISSO) to act as the onsite Project Manager for both on-premises and cloud-native environments. The Senior ISSO/Project manager will serve as an on-site Project Manager/Team Leader with managerial and supervisory authorities to ensure the effective performance of the contract, to include monitoring the work assignments of contractor personnel. The Senior ISSO shall have the detailed knowledge and expertise required to manage the security aspects of an information system and will be assigned responsibility for the day-to-day security operations of a system. Core Duties: Coordinate or participate in meetings as requested, between the contractor team, and SCS, CIO, and GSA stakeholders
Participate in management and budget reviews as directed by the Contracting Officer s Representative (COR)
Responsible for ensuring contract deliverables are completed and provided to appropriate contact
Conduct research, develop, implement, test, and review the application information security IAW DoD/National Institute of Standards and Technology (NIST) RMF+ requirements in order to protect information and prevent unauthorized access
Coordinate with the contractor team regarding security measures, explain potential threats, implement security measures, and monitor applications in order to meet or exceed all DoD/NIST RMF+ requirements, resulting in faster and more accurate software releases
Responsibilities also include physical and environmental protection, personnel security, incident handling, and security training and awareness
In close coordination with the Information System Security Manger (ISSM) and Information Systems Owner (ISO), the ISSO plays an active role in monitoring a system and its environment of operation to include developing and updating the System Security Plan (SSP), managing and controlling changes to the system, and assessing the security impact of those changes
Ensure the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the ISSM and ISO
Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package
Attend required technical and security training (e.g., operating system, networking, security management) relative to assigned duties
Maintain required IA certifications
Ensure all users have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to the Information System (IS)
Report all security-related incidents through appropriate channels
Conduct periodic reviews of information systems to ensure compliance with the security authorization package
Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change
Formally notify the ISSM and AO/DAO when changes occur that might affect system authorization
Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly
Ensure all IS security-related documentation is current and accessible to properly authorized individuals
Ensure audit records are collected, reviewed, and documented (to include any anomalies) Requirements: Bachelor's degree in computer science, mathematics, engineering, or five years of comparable work experience
Eight or more years of ISSO experience is highly desired
Candidates must have, or be able to obtain, DOD 8570 certification for Info Assurance Management (IAM) level III. Prefer candidates who hold Certified Information Systems Security Professionals (CISSP) credential and possess acute knowledge and practical experience of DoD 8510 and NIST 800-53 RMF+
Candidate must be analytical and able to troubleshoot and prioritize needs, requirements, and other issues
Excellent communication, teamwork, and conflict management skills
Expertise in risk-based Assessment and Authorization (A&A) for information systems security and trends and utilize functional area expertise gained through direct industry experience to assess the operational and functional baseline of an organization and its organizational components
Possesses ability to meet and operate under deadlines
Knowledge and experience with DevSecOps and C2S are required for at least one ISSO on contract
Expertise with configuration management, system maintenance, and integration testing
Ability to troubleshoot technical configurations and make recommendations on the protection of classified and sensitive data
Expertise in forensics chain of custody and evidentiary preservation
Demonstrated proficiency in successfully guiding complex information systems through A&A control gates
Expert ability to establish and maintain effective internal and external working relationships with government and contractor program managers, security professionals, and mission partners
Proficiency in successfully guiding complex information systems through A&A control gates
Demonstrated ability to work independent of close supervision
Must have Active Security Clearance status of Top Secret/Sensitive Compartmented Information (TS/SCI) with a Counter Intelligence (CI) polygraph test
#CJ
Participate in management and budget reviews as directed by the Contracting Officer s Representative (COR)
Responsible for ensuring contract deliverables are completed and provided to appropriate contact
Conduct research, develop, implement, test, and review the application information security IAW DoD/National Institute of Standards and Technology (NIST) RMF+ requirements in order to protect information and prevent unauthorized access
Coordinate with the contractor team regarding security measures, explain potential threats, implement security measures, and monitor applications in order to meet or exceed all DoD/NIST RMF+ requirements, resulting in faster and more accurate software releases
Responsibilities also include physical and environmental protection, personnel security, incident handling, and security training and awareness
In close coordination with the Information System Security Manger (ISSM) and Information Systems Owner (ISO), the ISSO plays an active role in monitoring a system and its environment of operation to include developing and updating the System Security Plan (SSP), managing and controlling changes to the system, and assessing the security impact of those changes
Ensure the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the ISSM and ISO
Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package
Attend required technical and security training (e.g., operating system, networking, security management) relative to assigned duties
Maintain required IA certifications
Ensure all users have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to the Information System (IS)
Report all security-related incidents through appropriate channels
Conduct periodic reviews of information systems to ensure compliance with the security authorization package
Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change
Formally notify the ISSM and AO/DAO when changes occur that might affect system authorization
Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly
Ensure all IS security-related documentation is current and accessible to properly authorized individuals
Ensure audit records are collected, reviewed, and documented (to include any anomalies) Requirements: Bachelor's degree in computer science, mathematics, engineering, or five years of comparable work experience
Eight or more years of ISSO experience is highly desired
Candidates must have, or be able to obtain, DOD 8570 certification for Info Assurance Management (IAM) level III. Prefer candidates who hold Certified Information Systems Security Professionals (CISSP) credential and possess acute knowledge and practical experience of DoD 8510 and NIST 800-53 RMF+
Candidate must be analytical and able to troubleshoot and prioritize needs, requirements, and other issues
Excellent communication, teamwork, and conflict management skills
Expertise in risk-based Assessment and Authorization (A&A) for information systems security and trends and utilize functional area expertise gained through direct industry experience to assess the operational and functional baseline of an organization and its organizational components
Possesses ability to meet and operate under deadlines
Knowledge and experience with DevSecOps and C2S are required for at least one ISSO on contract
Expertise with configuration management, system maintenance, and integration testing
Ability to troubleshoot technical configurations and make recommendations on the protection of classified and sensitive data
Expertise in forensics chain of custody and evidentiary preservation
Demonstrated proficiency in successfully guiding complex information systems through A&A control gates
Expert ability to establish and maintain effective internal and external working relationships with government and contractor program managers, security professionals, and mission partners
Proficiency in successfully guiding complex information systems through A&A control gates
Demonstrated ability to work independent of close supervision
Must have Active Security Clearance status of Top Secret/Sensitive Compartmented Information (TS/SCI) with a Counter Intelligence (CI) polygraph test
#CJ