Information Systems Security Officer (ISSO) - Hill AFB, UT
Hill AFB, UT
Job Description:
The ISSO may, occasionally, fill Information System Security Manager (ISSM) roles if needed.
Duties and Responsibilities:
- Develop Risk Management Framework (RMF) Authority to Operate (ATO) packages.
- Assessment of cybersecurity controls, identification of vulnerabilities, development and implementation of mitigation plans, security impact assessments, and documentation of findings.
- Perform assessments to validate established security requirements and recommend additional security controls and safeguards. Support the formal testing required by government accrediting authorities, prepare System Security Plans, update Plans of Action and Milestones, review system audits, and monitor corrective actions until actions are closed.
- Under direction of the ISSM, the ISSO maintains the appropriate operational security posture for an information system or program
- Assist the ISSM in refining cybersecurity requirements, integrating requirements into system designs, ensuring compliance with government cybersecurity requirements, and obtaining an ATO
- Assess activities and controls enacted to secure information.
- Assess gaps in security and identify solutions to mitigate risk, including business processes, technical controls, and policy improvements.
- Assist in the development of security policies, plans, and procedures to meet government regulations and industry best practices.
- Build collaborative internal relationships with program and project teams, as well as external relationships with customers, regulatory bodies, other agencies and business partners.
- Identify, develop, and coordinate required Service Level Agreements (SLAs).
- Review Topology Diagrams
- Advise program teams in identifying architecture boundaries of their programs and weapon subsystems
- Assist/participate in criticality analyses and identifying cyber-related Critical Program Information
- Assist in identifying the appropriate AO and key personnel
- Draft/Finalize Configuration Management Plans, System Security Plans, Physical Security and Recovery Plans, Contingency Plans, and update CCB Documentation.
- Conduct Threat Modeling Analyses, Vulnerability Assessments and Configuration Assessments
- Implement any required changes to the DIACAP or RMF packages
- Assist, as needed, with developing documentation or performing actions required for the National Defense Authorization Act (NDAA), such as: EITDR Records, Business Process Reengineering, Business Capability Lifecycle, Clinger Cohen Act compliance, NDAA certification, CSRDs, BEA and DoDAF Architecture Diagrams, program management reviews, change requests, portfolio management, etc.
Required skills and experience:
- Secret clearance with the ability to obtain a Top Secret clearance.
- Current DoD 8570 IAT Level 2 certification (i.e., SEC+ or equivalent), or achieve certification within 6 months of hire.
- Knowledge of operating system security requirements.
- Knowledge of network security (e.g., encryption, firewalls, authentication, perimeter protection).
- Knowledge of NIST 800-53 requirements and RMF (Risk Management Framework).
- A minimum of 5 years of experience
- Bachelor’s degree
Desired Skills:
- Knowledge of industry-standard Information Assurance tools.
- Information System auditing experience across several operating systems and IT platforms.
- Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
- Knowledge of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and classified computer operations, and experience with the technical configuration requirements for various operating systems.
- Ability to provide guidance on DoD Cyber regulations and requirements to customers and Lockheed Martin leaders.
- Detail oriented, well organized and able to multi-task in a high-stress environment.
- Prior performance in roles such as System Administrator, Network Administrator, or ISSO.
- Current Top Secret Clearance with SCI Eligibility, eligibility for access to Special Access Program Information, and willingness to submit to a Counterintelligence Polygraph.
- Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level II or Information Assurance Manager II within 6 months of the date of hire