Senior Information System Security Officer

About The Position

Requirements

• U.S. Citizenship required
• Active TS/SCI Clearance
• BS/BA + 15 years of applicable experience in information security
• Must have one of the following Information Assurance Technician (IAT) Level III qualifications: Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA Advanced Security Practitioner (CASP+)
• 10+ years of experience in information security
• Experience working with classified information systems and SCIFs
• Demonstrated expertise in RMF, FISMA, NIST, DHS 4300 Series, and classified system security requirements
• Complete Standard Form 4414 Non-Disclosure Agreement prior to accessing TS/SCI information

Nice To Haves

• Previous DHS or DoD experience with classified systems
• Experience with Supply Chain Risk Management for classified networks
• Experience with CSAM, RegScale, eMASS, or similar GRC tools in classified environments
• Knowledge of Intelligence Community Directive (ICD) 503 and related requirements
• Experience supporting emergency operations or disaster response missions
• Strong communication skills for presenting to senior leadership on classified matters

Responsibilities

• Complete Risk Management Framework (RMF) activities for Authority to Operate (ATO) decisions.
• Support both classified and unclassified systems throughout the System Development Life Cycle (SDLC) and work in government locations authorized for TS/SCI materials and information.
• Participate in classified network and facility meetings related to Supply Chain Risk Management and handling classified cybersecurity documentation and communications in accordance with security regulations.
• Provide security authorization services for sensitive systems requiring TS/SCI access and ensure appropriate segregation and protection of information at all classification levels.
• Develop and maintain System Security Plans (SSPs) for classified systems including control baselines, inheritance, Business Impact Analyses, and implementation statements.
• Create and maintain Configuration Management Plans, Contingency Plans, and Incident Response Plans for classified environments.
• Conduct Risk Assessments, annual security assessments, and vulnerability assessments for both classified and unclassified systems.
• Maintain network device and information security incident, damage, and threat assessment programs for classified systems.
• Investigate network device and information security incidents to determine the extent of compromise to national security information and automated information systems.
• Ensure all deliverables must be appropriately marked, handled, stored, and transmitted according to classification level.

Benefits

• healthcare
• wellness
• financial
• retirement
• family support
• continuing education
• time off benefits