Information Systems Security Officer (ISSO

Overview

Abacus Technology is seeking an Information Systems Security Officer (ISSO) to provide security and information assurance support for the Air Force Intranet Control (AFINC) III Support program at Maxwell AFB/Gunter Annex. This is a full-time position.

Responsibilities

• Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards.
• Implement the Assessment and Authorization (A&A) processes under the Risk Managed Framework (RMF) for new and existing information systems.
• Maintain a current authorization to operate (ATO), and approval to connect (ATC) (if required), and in implementing corrective actions identified in the plan of action and milestones.
• Facilitate development of Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA) and Risk Acceptance Letters.
• Develop an Information System Continuous Monitoring (ISCM) strategy and monitor any proposed or actual changes to the system and its environment to maintain compliance.
• Audit systems to ensure security posture integrity.
• Conduct assessments and test/analysis data to document state of compliance with security requirements.
• Conduct risk assessments and investigations, recommend implementation of risk mitigations, and coordinate incident response activities.
• Conduct periodic hardware/software inventory assessments.
• Supervise the development and deployment of program information security for all program systems to meet the program and enterprise requirements, policies, standards, guidelines and procedures.
• Manage assigned team to facilitate effective execution of the RMF.
• Coordinate and participate in security assessments and audits.
• Prepare, review, and present technical reports and briefings.
• Register, maintain, verify, submit exceptions, conduct annual review, or decommission systems ports, protocols, and services (PPS) as necessary to ensure compliance with the DoD PPS Category Assurance List (CAL) and DoD PPS Vulnerability Assessment reports.

Qualifications

5+ years experience in a cyber security or information assurance role including at least 3 years supporting the RMF. HS diploma or GED. Must be CISM or CISSP certified (or hold an equivalent certification in compliance with DoD 8140/8570 IAM II). Must hold the Certified in Governance, Risk and Compliance (CGRC) certification and have participated in training for DISA ACAS Supervisor and Operator and DISA Enterprise Mission Assurance Support Service (eMASS). Additional certifications such as CCNA or Microsoft Certified: Information Security Administrator Associate preferred. Experience with DoD cybersecurity policies and implementation of Risk Management Framework (RMF): e.g. NIST SP 800 series, CNSSI 1253. Experience as an information system security officer (ISSO) or information system security manager (ISSM) supporting classified programs. Experience in assessing and documenting test or analysis data to show cybersecurity compliance. Experience utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include: NESSUS, ACAS, DISA STIGs, Audit Tools, ESS, eMASS, PPS. Outstanding communication skills across all levels of the organization. Must be a US citizen and hold a current Top Secret clearance with SCI Access (TS/SCI).

Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.

EOE/M/F/Vet/Disabled