Information System Security Officer (ISSO)
CACI•Chantilly, VA
•Onsite
About The Position
CACI is looking for an Information System Security Officer (ISSO) to support our DoD customer to implement an enterprise IT service delivery model that provides consistent, secure, high-quality, and cost-effective services to enable mission success and improve end user experience across the customer environment. On this program, CACI will deliver enhanced capabilities and services to implement and operate an enterprise ITSM solution, enterprise service desk, endpoint management and security solution, as well as CONUS/OCONUS field support and life cycle support for end user devices to enable the DoD customer to transition focus from IT operations to mission operations.
Requirements
- Active DoD Secret Clearance
- 12+ Years of relevant experience (Bachelor’s Degree in relevant field may be substituted for 5 years of relevant experience).
- DoD 8570 IAT or IAT level II Certified
- Familiarity with DoD Risk Management Framework (RMF) or DIACAP processes
- Experience with classified environments and information systems
- Strong technical written and verbal communication skills
- Ability to work and lead other team members, with little oversight, to accomplish Sprints and organizational tasks.
Nice To Haves
- Knowledge of eMASS preferred
- ITIL Foundation preferred
- Cloud Experience
- DEVSECOPS Experience
Responsibilities
- Verify that all requirements for system access to an Information System are met and that there is a signed Acceptable Use Agreement on file.
- Assist in the preparation, distribution, coordination and maintenance of plans, instructions, policies, guidance, and standard operating procedures necessary for implementation of the Organization’s IA program and serve as the subject matter focal point for the Organization’s IA program.
- Ensure Certification and Accreditation package is prepared and maintained in accordance with (IAW) the DoD Information Assurance Certification and Accreditation Process (DIACAP), or the DoD Risk Management Framework (RMF).
- Oversee System Owners to ensure they follow established IS policies and procedures.
- Review weekly bulletins and advisories that impact security of site information systems to include, RCERT, ACERT, IAVA, and DISA ASSIST bulletins.
- Support periodic testing which is conducted to evaluate the security posture of the ISs by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs).
- Implement and enforce IS security policies.
- Ensure approved policies and procedures are in place capturing the organization’s requirements in regard to all of the NIST 800-53r5 families.
- The SIPR ISSO will assist in updating policies and procedures when changes occur or periodically.
- Ensure development and implementation of procedures in accordance with configuration management (CM) policies and practices for authorizing the use of hardware/software on an IS.
- Any changes or modifications to hardware, software, or firmware of a system must be coordinated with the ISSM/ISSO and appropriate approving authority prior to the change.
- Respond to security incidents, and for investigating and reporting (to the IAM and ISSO and to local management) security violations and incidents, as appropriate.
- Serve as a member of the Change Advisory Board and Demand Approval Board
- Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
- Attend required technical (e.g., operating system, networking, security management, SysAdmin) and security training relative to assigned duties.
- Ensure proper decisions are made concerning levels of concern for confidentiality, integrity, and availability of the data, and the protection level for confidentiality for the system.
- Report all security-related incidents to the ISSM and Security Incident Response Team.
- Initiate protective and corrective measures when a security incident or vulnerability is discovered, with the approval of the ISSM or System Owner.
- Develop and maintain an accreditation/certification and assessment/authorization support documentation package for system(s) for which they are responsible.
- Conduct Continuous Monitoring in line with the DAF’s ATO methodology
- Ensure all IS security-related documentation is current and accessible to properly authorized individuals.
- Ensure system security requirements are addressed during all phases of the system life cycle.
- Provide status updates on IA and system security health to the government in a formal setting.
- The SIPR ISSO will need to provide updates for all of the systems when the ISSM is unavailable.
Benefits
- healthcare
- wellness
- financial
- retirement
- family support
- continuing education
- time off benefits
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
