FSO/ISSM

About The Position

Requirements

• Typically requires 4 years of experience in cybersecurity, information systems security, RMF, and Certification & Accreditation (C&A) processes.
• Active Secret Clearance.
• Experience working with eMASS and RMF procedures.
• Demonstrated ability to conduct thorough risk assessments and manage complex documentation.
• Experience of network assets and peripheral equipment.
• Maintain facility and personnel information in DISS and NISS.

Nice To Haves

• Experience with large, multi‑facility networks in Windows and Linux environments.
• Familiarity with cyber incident response, including preservation, containment, and eradication.
• CISSP, CASP, or similar certification.
• FSO & ISSM Certification with in 6 months of hire.
• Master's degree in Information Systems or related field.
• High initiative, strong attention to detail, analytical skills, and organizational capability.
• Ability to work effectively both independently and collaboratively.

Responsibilities

• Collaborate with the Corporate ISSM to ensure all accredited information systems meet RMF requirements.
• Prepare, maintain, and upload System Security Plans (SSPs) and supporting artifacts in eMASS.
• Ensure SSPs accurately reflect system configuration and required security controls.
• Support certification testing and assessments conducted by the Cognizant Security Agency (CSA).
• Maintain facility information system records in eMASS.
• Develop and maintain procedures supporting Configuration Management (CM) for security relevant hardware, software, and firmware.
• Conduct risk and vulnerability assessments of classified systems and verify the effectiveness of security controls.
• Ensure compliance with DoD certification and accreditation requirements, including DoDI 8510.01 (RMF for DoD IT).
• Install, update, and maintain security-related software tools to detect malicious code, viruses, and unauthorized intrusions.
• Provide Security guidance to and regularly interact with Program Managers, Engineering/Production, Management, and Human Resources.
• Responsible for the administration and coordination of the DOD and other industrial security programs and activities to ensure compliance with 32 CFR 117 and other government and company security policies and procedures.
• Coordinate due diligence and risk assessments whose objective is to identify improvements in the existing physical security controls in place for non-NISP security function at assigned facilities.
• Maintain and provide security classification guidance of DD254’s, Security Classification Guides, and other documents related to security requirements for assigned programs.
• Operate and maintain a security education, training, and awareness program to include indoctrinations, annual refresher training, debriefings, courier, travel, event specific briefings, and OPSEC procedures.
• Respond to intrusion alarms as needed.
• Manage physical security for the site, including intrusion detection, access control, CCTV, security hardware, and GSA approved containers.
• Respond to intrusion alarms as necessary.
• Be the direct liaison for the facility with the Defense Counterintelligence and Security Agency (DSCA) and other government agencies.

Benefits

• lifelong learning, offering comprehensive skills training and tuition reimbursement.