Information Systems Security Auditor (ISSA)

About The Position

Requirements

• Bachelor’s degree in an IT-related or similar relevant field or equivalent experience.
• At least two years of experience in a similar systems security role or experience in related IT or systems security disciplines.
• Candidate must have the following Information Assurance certifications or security training or obtain the certificates within 6 months of hire:
• DSS NISPOM Risk Management Framework Courses
• DOW 8570.01-M certification at IAT level 2, such as Security +
• Candidate must possess an Active Secret clearance. Top Secret with SCI eligibility is preferred.
• Successful completion of a criminal background check is required.

Nice To Haves

• Understanding the technical configurations of Windows and other operating systems is desirable.
• Understand Windows and Linux event logs is desirable.
• Knowledge of compliance checking tools preferred.
• Customer service skills, including good interpersonal skills and the ability to communicate effectively with all levels of employees.

Responsibilities

• Serves as Information Systems Security Auditor under the guidance of the ISSM.
• Implements and maintains a formal information systems security program.
• Assists with developing, reviewing, maintaining and overseeing information systems security plans (SSPs) and Assessment/Authorizations in accordance with DoW mandated polices.
• Conducts audit reviews of systems to track multiple events including any signs of inappropriate or unusual activity, data transfers, etc. Performs recurring self-assessments on all systems under their purview to ensure compliance with documented security requirements and to detect any system level vulnerabilities.
• Implements and enforces information security policies and procedures.
• Performs the steps involved in the execution of the Risk Management Framework (RMF), including generation of documentation, controls compliance testing, and continuous monitoring activities for systems.
• Works with IT to assist the ISSM in performing an initial system assessment to ensure that required security controls are implemented and operating correctly before a system is authorized for production.
• Ensures IT staff and users follow established information security policies and procedures to protect, operate, maintain, and dispose of systems and data in accordance with security policies and practices as outlined in the assessment and authorization packages.
• Confirms IT staff continuously apply system patches, service packs, and anti-virus updates to all systems
• Notify IT Staff when a user account is to be created, modified, disabled, or removed from a system
• Participates in IDA change management processes for authorizing use of hardware / software on an information system.
• Participates in inspections and incident response.
• Executes established procedures for responding to security incidents and investigating and reporting security violations and incidents as appropriate.
• Ensures proper protection and / or corrective measures are taken when an incident or vulnerability has been discovered and reported and documented as required.
• Participates in risk and vulnerability assessments.
• Executes elements of IDA information systems security, education, training, and awareness programs.
• Clearly communicates to all users, including security personnel, IT staff, and managers the proper procedures for protecting classified information and the systems that process that information. Training prior to initial system access and periodically after includes proper system usage, physical security, data transfers, media protection etc.
• Performs other duties as assigned.