Information System Security Officer (ISSO)

About The Position

Requirements

• Must have an active Top Secret US Government Clearance, with the ability to obtain an SCI Clearance.
• Bachelor’s degree with a minimum of 5 years of professional experience in cybersecurity design and development activities.
• Ability to provide practical and creative solutions in a dynamic work environment, while working effectively with a team.
• Ability to handle multiple tasks and prioritize effectively in a rapidly evolving environment.

Nice To Haves

• An active SCI US Government Clearance, with the ability to obtain an SCI Clearance.
• Experience in NASA security or served as an ISSO in other Government agencies.
• Experience in NASA Assessment and Authorization (A&A) process.
• Experience in NASA Risk Information Security Compliance System (RISCS) tool.
• Experience with cloud services.
• Experience with classified networks.
• Candidates should be self-starters capable of working both independently and as part of a team.
• Certification level to meet DoD 8140 IAT or DoD 8570 IAT Level II certification or higher.

Responsibilities

• Provide technical guidance to address the adequacy and effectiveness of information security policies, procedures, and practices.
• Review cyber intelligence threats reports, including but not limited to SOC MARs, SARs, and DHS/CISA Emergency Directives, in order to identify threats to the information system, develop mitigations, and ensure vulnerabilities that require immediate attention are remediated.
• Assist the Information System Owner (ISO) and Information System Security Manager (ISSM) in ensuring that all components of the information system are appropriately updated and patched in accordance with Federal and NASA requirements.
• Evaluate cloud service providers’ security posture and develop associated recommendations for restrictions, conditions and control responsibility parsing.
• Support the Assessment and Authorization (A&A) process through the development and updating of the following: System Security Plan, Contingency Plan, Disaster Recovery Plans, Risk Assessment Report, annual review package, work instructions, policies, and procedural guides affecting the overall IT and security posture of the environment within the NASA Risk Information Security Compliance System (RISCS) system.
• Develop and maintain detailed and accurate System Security Plans (SSP), including security documentation for component and interface specifications, to support appropriate cybersecurity and privacy throughout the information systems’ life cycle.
• Write Plan of Action and Milestones (POA&M’s) and Risk Based Decisions (RBD’s) for the SSP controls.
• Support the Government with identifying and prioritizing essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability.
• Ensure contingency plans and system controls are reviewed and tested in accordance with agency requirements.
• Analyze system logs to identify potential issues.
• Perform routine audits of systems and applications.
• Ensure Privacy Threshold Assessments (PTA) and Privacy Impact Assessments (PIA) are conducted as required.
• Provide IT security support to communication systems as needed.
• Serve as a technical resource to other IT and security professionals.