Facility Security Officer / ISSM

About The Position

Requirements

• U.S. citizenship (required by NISPOM for FSO and ISSM designations)
• Active Secret clearance; ability to obtain Top Secret clearance
• Minimum 5 years of progressive industrial security experience in a cleared DoD contractor environment, including at least 3 years in a designated FSO role at a possessing facility
• Working knowledge of 32 CFR Part 117 (NISPOM), DoDI 8500.01, DoDI 8510.01, NIST SP 800-37, NIST SP 800-53, NIST SP 800-171, and applicable DISA STIGs
• Hands-on proficiency with DISS, NBIS, NISS, and eMASS (or customer-equivalent RMF tooling)
• DoD 8140 IAM Level II certification (CISSP, CISM, CASP+, or equivalent) at hire or within six months
• Completion of CDSE FSO Program Management for Possessing Facilities curriculum (or completion within six months of designation)
• Experience with CMMC Level 2 implementation and assessment
• Demonstrated ability to draft and implement SSPs, SOPs, and incident response plans

Nice To Haves

• Top Secret eligible preferred
• IAM Level III preferred
• Minimum 3 years as a designated ISSM or senior ISSO with demonstrated experience achieving ATO decisions on classified systems
• NCMS Industrial Security Professional (ISP) or SPeD SFPC certification
• Experience supporting multi-contract, multi-customer security programs at a similarly sized contractor
• Experience with closed area accreditation under NISPOM
• Prior experience as ITPSO and building an Insider Threat Program from baseline

Responsibilities

• Administer Strategic Insight’s facility clearance under 32 CFR Part 117 (NISPOM) and serve as the primary point of contact with DCSA.
• Maintain the FCL and all KMP designations in DISS.
• Execute and maintain the DD-441.
• Review incoming DD-254s to confirm contract security requirements are understood and met.
• Manage the full personnel security clearance lifecycle: initiations and reinvestigations in NBIS, indoctrinations and debriefings, continuous vetting enrollment, incident and adverse information reporting, and SF-312 administration.
• Plan and execute the annual self-inspection.
• Prepare the company for DCSA security reviews with the goal of a Commendable or Superior rating, and remediate findings.
• Lead and manage the Security Education, Training, and Awareness (SETA) program, including initial security briefings, annual refresher training, foreign travel briefings and debriefings, derivative classifier training, and threat awareness.
• Manage classified visit requests inbound and outbound through DISS.
• Oversee physical security, including closed area or controlled area accreditations if applicable.
• Administer the company’s classified holdings and document control program.
• Serve as the designated Insider Threat Program Senior Official (ITPSO).
• Report under the NISPOM’s reporting requirements, including cyber incidents, suspicious contacts, foreign travel, and changes in personal status.
• Lead and manage the cybersecurity posture of all information systems and execute the Risk Management Framework (RMF) per DoDI 8500.01, DoDI 8510.01, and NIST SP 800-53.
• Develop and maintain System Security Plans (SSPs), Security Assessment Reports, Plans of Action and Milestones (POA&Ms), continuous monitoring strategies, and incident response plans for each system.
• Serve as the company’s cyber incident response lead for the organization’s information systems, coordinating with DCSA, the DoD Cyber Crime Center (DC3), and customer cybersecurity offices as required.
• Support Strategic Insight’s CMMC compliance program for CUI environments.
• Coordinate with the IT department on architecture and zero-trust initiatives.
• Contribute to supply chain risk management and Foreign Ownership, Control, or Influence (FOCI) mitigation activities.
• Provide oversight and policy direction for IT system administration, with audit log review and privileged action oversight performed independently.

Benefits

• Growth opportunities
• Healthcare
• 401K
• Merit bonuses
• Compensation
• Clearance differential
• Certification reimbursement