Information Systems Security Officer 2

About The Position

Requirements

• Minimum of: • 5 years of related experience with a Bachelor’s degree, OR • 3 years with a Master’s degree, OR • PhD without experience, OR • Equivalent combination of education and relevant work experience.
• Hands-on experience implementing the Risk Management Framework (RMF) and supporting ATO authorization for DoD or federal systems.
• Strong understanding of: • NIST cybersecurity frameworks and guidance (SP 800-53, SP 800-37) • System security documentation and control implementation • Network security principles and operating system security
• Demonstrated ability to analyze complex cybersecurity issues and apply sound technical judgment.
• Ability to work independently with minimal supervision while effectively collaborating with system owners, engineers, and program leadership.
• Ability to obtain and maintain a DoD security clearance.
• This position requires access to information that is subject to compliance with the International Traffic Arms Regulations (“ITAR”) and/or the Export Administration Regulations (“EAR”). In order to comply with the requirements of the ITAR and/or the EAR, applicants must qualify as a U.S. person under the ITAR and the EAR, or a person to be approved for an export license by the governing agency whose technology comes under its jurisdiction.
• ITAR U.S. Citizenship is required.

Nice To Haves

• One or more of the following certifications are preferred: • CISSP – Certified Information Systems Security Professional • CompTIA Security+ • CISM – Certified Information Security Manager • CISA – Certified Information Systems Auditor
• Experience supporting systems that process or store Controlled Unclassified Information (CUI) and familiarity with DoD cybersecurity compliance standards is highly desirable.

Responsibilities

• Serve as the primary cybersecurity advisor for assigned systems, guiding system owners and engineering teams through the RMF lifecycle to achieve and maintain ATO authorization.
• Develop, maintain, and update the System Security and Privacy Plan (SSPP) and associated RMF artifacts including control implementations, assessment documentation, and continuous monitoring evidence.
• Maintain and manage the Plan of Action and Milestones (POA&M) to track and remediate identified security weaknesses. Review and analyze vulnerability scan results and conduct security impact analyses for system changes.
• Support ongoing continuous monitoring activities, including control validation, security posture reviews, and coordination with system administrators and engineers.
• Participate in or lead security assessment activities, including internal audits and control assessments, to ensure compliance with DoD cybersecurity policies and standards.
• Assist with the investigation, reporting, and mitigation of cybersecurity incidents, ensuring appropriate documentation and coordination with program leadership and security personnel.
• Explain complex cybersecurity requirements to technical and non-technical stakeholders to support program compliance and operational success.

Benefits

• AV offers an excellent benefits package including medical, dental vision, 401K with company matching, a 9/80 work schedule and a paid holiday shutdown.
• For more information about our company benefit offerings please visit: http://www.avinc.com/myavbenefits.