Information System Security Officer (ISSO)

Momentum•Huntsville, AL

20h

About The Position

Welcome to the MOMENTUM Team! MOMENTUM is not just our company name; it is the highest value we deliver to our customers. We are a rapidly growing technology solutions company delivering innovative technology, engineering, and intelligence solutions across the DoD sector. The efforts of our high-capacity team ultimately strengthen our Nation and the warfighter. Our team is dispersed throughout the US, which means we value the diversity and unique collaboration that's fostered throughout our team. We work incredibly hard for our customers and believe deeply in our core values. We're a high-energy, high-growth team and we love to win. We are seeking an experienced Information Systems Security Officer to join our team. The ISSO will be responsible for developing data security policies using data security standards, guidelines, and requirements that include privacy, authentication, access control, retention, disposal, incident management, disaster recovery, and configuration.

Requirements

CISSP required
Coordinating and facilitating work efforts within a team/team required
Knowledge/experience with control systems, FRCS required
Information Systems Security Manager, IAM Level 2 certification required

Nice To Haves

PM experience is highly desirable, a PMP certificate would be great but not required
Knowledge of medical facilities operations is desirable

Responsibilities

Support all tasks associated with MILCON, Modernization and JITC ATO efforts for FRCS and other systems as necessary.
Review FRCS Specifications (Pre-construction RMF support/planning to ensure proposed solution meets DoD RMF requirements, Division 25 – Integrated Automation requirement and submittals.), APL requirements, and other system salient characteristics that will increase the likelihood of DHA RMF approval.)
Participate in construction meetings, coordinate with local site Facility Manager FM and Local IT Department Personnel including the Information System Security Manager (ISSM) when available.
Interface with the DHA FE ISSM and FRCS Security Controls Assessors Representative (SCAR).
Work with ISSM and local site FM and IT Personnel to contribute to the development of System Security Plans, Boundary Documentation, Control selection, security assessment plan and all other RMF Related artifacts contributing to the System’s ATO and eMASS Packet.
Review construction submittals and assist project teams operationalize FRCS Solutions once ATOs are achieved.
Establish and sustain Plan of Action and Milestones (POAMS) perform scans and or upload scan results and create, update, and maintain other artifacts associated with eMASS Packages.
Review FRCS installations against requirements and specifications. The outcome of this Discovery phase will be provided as an actionable report with findings and recommendations to support RMF activities.
Establish and maintain eMASS packages through the FRCS Lifecycle
Support independent verification and validation (IV&V) on FRCS systems noted in MILSTD 1691 as Real property installed equipment (RPIE) and Electronic Security Systems (ESS). This includes updating the Configuration Management Plan, Contingency Plan, E-Authentication Memo and the Incident Response Plan as required.
Support the RMF accreditation process for assigned systems and continue the process of conducting full Self-Assessment. During the self-assessment, the Contractor shall utilize ACAS, SCAP, Web, DB and conduct Manual Checklists as required by each system. Upon completion of the self-selects process, the contractor shall remediate all open findings, both of technical nature and those which are policy / procedural based.
Coordinate with local site to implement continuous monitoring of FRCS Solution
Coordinate with vendors and local sites to ensure scheduled and approved patches and updates to FRCS solutions are implemented.
Certified to IAT Level II and sustain those certifications through the life of the contract.
The Monthly Progress Reports. The ISSO shall submit a monthly status report. Reporting on ATO Status, System POAM Status, Patch and Scan Results and identification of any risks associated with the attainment of an ATO and/or risks to the status of an established ATO. Reports shall be due NLT the 28th day of each month. The report(s) would be required to be submitted by e- mail to the Government Points of Contact (POC) identified during the kick off. The report shall also identify completed tasks and relevant project information.
Meeting Minutes. The ISSO shall generate and distribute meeting minutes for all conference calls / face to face meetings and any subsequent interim meetings. The meeting minutes shall document all items discussed at the meetings and shall at a minimum include the date, a list of meeting attendees, open items, closed items, Requests For Information (RFIs), issues, and schedule. The contractor shall provide meeting minutes within 7 calendar days of the meeting.