Information Systems Security Officer (SCAR)

About The Position

Requirements

• Active Top Secret with SAP eligibility
• Bachelor's degree in related discipline (or 4 additional years of relevant experience in lieu of degree)
• 10-12 years of relevant experience
• DoD 8570 IAM III level certification (g., CISSP, CISM, GSLC, or CCISO) or
• DoD 8140 Advanced ISSM (g., CISM, CISSO, FITSP-M, GCIA, GCSA, GCIH, GSLC, GICSP, CISSP-ISSMP, CISSP) or
• DoD 8140 Advanced SCA (g., CISM, CISSO, CPTE, CySA+, FITSP-A, GCSA , CISA or CISSP, CISSP-ISSEP, GSLC, GSNA)
• Expert knowledge of:
• Navy FLTCYBERCOM Authorization processes
• GRC Experience (eMASS\Xacta)
• Risk Management Framework requirements
• Cybersecurity (CS) principles and organizational requirements relevant to confidentiality, integrity, availability, authentication, and non-repudiation
• Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• Network security architecture concepts including topology, protocols, components, and principles.
• Security Assessment and Authorization process
• Cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities.
• Penetration testing principles, tools, and techniques.
• Relevant laws, policies, procedures, or governance related to critical infrastructure.
• Skilled in:
• Discerning protection needs (i.e., security controls) of information systems and networks.
• Determining how a security system should work and how changes in conditions, operations, or the environment will affect outcomes.

Responsibilities

• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
• Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at software application, system, and network levels.
• Verify application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Assess the effectiveness of security controls.
• Develop methods to monitor and measure risk, compliance, and assurance efforts.
• Draft statements of preliminary or residual security risks for system operation.
• Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Maintain information systems assurance and accreditation materials.
• Support site assistance visits (SAV)s as requested by the Security Control Assessor (SCA).

Benefits

• AMERICAN SYSTEMS provides for the welfare of its employees and their dependents through a comprehensive benefits program by offering healthcare benefits, paid leave, retirement plans, insurance programs, and education and training assistance.