Information Systems Security Officer (ISSO)

About The Position

Requirements

• Active Top Secret clearance
• IAT/M Level II certification
• Education and Experience will depend on the labor category level.
• Previous Information System Security experience is required.

Responsibilities

• Perform Information Systems Security Officer duties consistent with the labor category and required RMF experience.
• Support Risk Management Framework (RMF) activities consistent with the required experience timeframe.
• Manage and perform records management for all Account Forms including but not limited to: Cybersecurity Awareness training for all students, Authorized User Agreements and associated user forms for all networks required for duty at the 39 IOS, System Authorization Access Requests, Privileged User Agreements, 8570/8140 validation, Operating System Certification validation, and associated user forms.
• Maintain appointment letters for work roles including, but not limited to: Program Managers, ISSO, Information Systems Security Manager (ISSM), Information Systems Security Engineer (ISSE), Systems Administrators, Client Systems Technicians, and Cybersecurity Liaisons.
• Perform wireless scanning throughout the facility to ensure no rogue activity to include but not limited to: review vulnerability scans on all networks and respond to any vulnerabilities appropriately while conducting network audits on all networks.
• Manage and update Management Internal Control Toolkit (MICT) checklists for assigned programs including, but not limited to: Privileged User, 17-1301 Computer Security (COMPUSEC), and 17-101 Risk Management Framework (RMF).
• Inspect equipment prior to the entry and exit of the facilities and ensure entry and exit logs are accomplished along with reviewing, updating, and enforcing Media Control policy including, but not limited to: Issuing and tracking removable media and ensuring media sanitization.
• Validate administrator accounts on all networks and respond to any discrepancies appropriately.
• Review equipment purchase requests to ensure items are on approved products listings and meet requirements to enter the facilities.
• Ensure cybersecurity marking and standards enforcement including but not limited to: Classification stickers and markings on all systems, Bomb threat aids posted by all phones, and Combined Security Cards are posted by all workstations.
• Perform random bag and walkthrough inspections with the Security team along with responding to incidents and assisting with response and reporting.
• Answer all TASKORDS/ taskers by MAJCOM for action on our owned networks including but not limited to: vulnerability remediation and data calls.
• Review, update, and enforce the Security Concept of Operations (SECONOPS) along with the contingency plan policy.
• Maintain Risk Management Framework (RMF) packages for all networks owned/operated by the 39 IOS including, but not limited to: answer data calls, prepare system package, Categorize system by guiding documents, Select security controls for risk mitigation, Implement security controls, Assess security control effectiveness, Monitor system and update accreditation package, Security Impact Analysis (SIA) submissions for tenants requesting changes and install of new software, and Respond to and coordinate requirements for accreditation package not owned by the squadron.
• Order, issue, manage, and account for all tokens granting access to network as well as auditing and inventorying issuance of student user tokens.
• Perform COMPUSEC and Information Security (INFOSEC) duties and manage the Cybersecurity Liaison program for the squadron under the direction of the Wing Cybersecurity Office.
• Support functions aligned to DCWF work roles (Information Systems Security Manager; Security Control Assessor; Cyber Defense Incident Responder) as applicable.
• Maintain and apply required IAT/M Level II certification within the scope of assigned duties.