Information System Security Officer (ISSO)

About The Position

Requirements

• CISSP required
• Coordinating and facilitating work efforts within a team/team required
• Knowledge/experience with control systems, FRCS required
• Information Systems Security Manager, IAM Level 2 certification required
• Certified to IAT Level II and sustain those certifications through the life of the contract.

Nice To Haves

• PM experience is highly desirable, a PMP certificate would be great but not required
• Knowledge of medical facilities operations is desirable

Responsibilities

• Support all tasks associated with MILCON, Modernization and JITC ATO efforts for FRCS and other systems as necessary.
• Review FRCS Specifications (Pre-construction RMF support/planning to ensure proposed solution meets DoD RMF requirements, Division 25 – Integrated Automation requirement and submittals.), APL requirements, and other system salient characteristics that will increase the likelihood of DHA RMF approval.
• Participate in construction meetings, coordinate with local site Facility Manager FM and Local IT Department Personnel including the Information System Security Manager (ISSM) when available.
• Interface with the DHA FE ISSM and FRCS Security Controls Assessors Representative (SCAR).
• Work with ISSM and local site FM and IT Personnel to contribute to the development of System Security Plans, Boundary Documentation, Control selection, security assessment plan and all other RMF Related artifacts contributing to the System’s ATO and eMASS Packet.
• Review construction submittals and assist project teams operationalize FRCS Solutions once ATOs are achieved.
• Establish and sustain Plan of Action and Milestones (POAMS) perform scans and or upload scan results and create, update, and maintain other artifacts associated with eMASS Packages.
• Review FRCS installations against requirements and specifications.
• Establish and maintain eMASS packages through the FRCS Lifecycle Support independent verification and validation (IV&V) on FRCS systems noted in MILSTD 1691 as Real property installed equipment (RPIE) and Electronic Security Systems (ESS).
• This includes updating the Configuration Management Plan, Contingency Plan, E-Authentication Memo and the Incident Response Plan as required.
• Support the RMF accreditation process for assigned systems and continue the process of conducting full Self-Assessment.
• During the self-assessment, the Contractor shall utilize ACAS, SCAP, Web, DB and conduct Manual Checklists as required by each system.
• Upon completion of the self-selects process, the contractor shall remediate all open findings, both of technical nature and those which are policy / procedural based.
• Coordinate with local site to implement continuous monitoring of FRCS Solution.
• Coordinate with vendors and local sites to ensure scheduled and approved patches and updates to FRCS solutions are implemented.
• Certified to IAT Level II and sustain those certifications through the life of the contract.
• The ISSO shall submit a monthly status report. Reporting on ATO Status, System POAM Status, Patch and Scan Results and identification of any risks associated with the attainment of an ATO and/or risks to the status of an established ATO.
• The ISSO shall generate and distribute meeting minutes for all conference calls / face to face meetings and any subsequent interim meetings.
• The contractor shall provide meeting minutes within 7 calendar days of the meeting.