Information Systems Security Officer

PLEXSYS•Camas, WA

23h•$89,900 - $140,800•Onsite

About The Position

The Information System Security Officer (ISSO) is responsible for ensuring the appropriate operational security posture for information systems and as such, works in close collaboration with the ISSM, CPSO, and FSO. The ISSO must have detailed knowledge and expertise required to manage the security aspects of an information system and is assigned the day-to-day responsibility for assigned systems. Responsibilities include implementation of the requirements of Risk Management Framework, including the Joint Special Access Program (SAP) Implementation Guide (JSIG), NIST 800-53, or other security requirements as assigned. This position will report to the Corporate Information Assurance Manager and work in close collaboration with the AFSO and FSO. The ISSO is responsible for developing and updating the security authorization package, managing and controlling changes to the system, and assessing the security impact of those changes. Ensure systems are operated, maintained, and disposed of following security policies and procedures as outlined in the security authorization package. Report all security-related incidents to the ISSM. Conduct periodic reviews of information systems to ensure compliance with the security authorization package. Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly. Ensure audit records are collected, reviewed, and documented. Duties also include physical and environmental protection, personnel security, and incident handling.

Requirements

Bachelor’s degree in related field or four (4) years’ experience in related field
DoD 8570 compliant, IAT Level II
Experience with Windows based administration of Information Systems
Ability to work within compliance standards; previous experience with RMF, HIPAA , PCI DSS, or equivalent compliance standard preferred
Strong experience in networking, active directory, centralized logging solutions, vulnerability scanning and anti-virus solutions
Experience with security audits for information systems
Strong communication and problem-solving skills
Ability to work in both a team environment as well as independently
Must be organized and detail oriented
Ability to obtain and maintain Top Secret clearance with the ability to obtain approval for SAP/SCI access

Nice To Haves

Have previous experience with DoD Security Regulations and Policies

Responsibilities

Lead the information system security program for their assigned location to include implementation and validation of automated informational security, ensuring security requirements as contracted are satisfied
Maintain and establish the accreditation of classified information systems
Establish and implement security procedures and practices in support of Corporate goals and current DoD Regulations
Ensure all security procedures are being followed such as patching, AV updates, continuous monitoring, trainings, and self-inspections
Develop, implement and maintain security emergency action plans
Provide security education and training to local employees
Maintain administrative security records and documents for local employees
Conduct self-inspections to ensure current security measures and policies are effective
Conduct random security inspections to ensure regulations and procedures are being adhered to by local employees
Conduct system audits in accordance with security accreditation package requirement
Conduct vulnerability scans and analysis
Conduct maintenance on the networks, systems, and hardware
Perform software upgrades on networks, systems, and hardware
Perform security assignments in accordance with the Automated Information System requirements and local regulations
Understand and follow NISPOM/ODAA/RMF/JAFAN/ICD/NIST/JSIG classified system accreditation and certification requirements
Other duties as assigned