ACBN Information Systems Security Manager/Officer (ISSM/ISSO)

ACBN Information Systems Security Manager/Officer (ISSM/ISSO)

Location: Ramstein AB, Germany

Security Clearance Level: Secret

Duties/Responsibilities: The Contractor shall maintain regulatory requirements of cyber security for ACBN and give guidance/assistance/ solutions regarding overall cyber readiness. Also, the Contractor shall provide all personnel, knowledge, skills, abilities, staff support and other related resources necessary to perform the RMF services. In supporting the Government in maintaining Assessments & Authorization (A&A) packages, ISSM/ISSOs shall, at a minimum:

• Serve as the primary cyber security point of contact for ACBN systems, ensuring compliance with security policies, procedures, and regulations, and providing timely dissemination of threats, risk, and authorization status to stakeholders.

• Perform all necessary procedures to ensure the safety of information systems assets, including overseeing the accreditation and certification of ACBN systems in accordance with DoD, Intelligence Community, and agency-specific requirements.

• Prepare all required documentation associated with the submission of A&A packages IAW all Federal, DoD, AF, and local RMF policies, regulations, and standards.

• Prepare and submit System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and risk assessment documents, and collaborate with Authorizing Officials (AOs) to achieve and maintain Authorization to Operate (ATO) status.

• Gather required information and documentation on behalf of Enclave ISSMs in support of Command Cyber Readiness Inspections (CCRI).

• Conduct regular reviews of DISA STIGs, ACAS vulnerability scans, and provide remediation feedback to ensure compliance and implement RMF continuous monitoring efforts.

• Develop and recommend policies and procedures to ensure information systems reliability, accessibility, and security, and conduct systems security evaluations, audits, and reviews to identify vulnerabilities and risks.

• Develop RMF Control Family plans and procedures and ensure overall adherence to these plans and procedures.

• Recommend and implement programs to educate systems, network, and data users on systems security policies and procedures, and participate in network and systems design to ensure implementation of appropriate security policies.

• Provide consulting advice to other cyber professionals and ISSO/ISSMs for U-A/A6.

• Apply extensive knowledge of a variety of cyber concepts, practices, and procedures to ensure the secure integration and operations of ACBN.

• Work independently to evaluate and solve complex cyber-related problems quickly and completely without a single point of failure.

• Interface with other Contractor personnel and Mission Partners to complete assigned tasks.

• Support, monitor, test, and troubleshoot hardware and software cyber problems pertaining to the enclave.

• Develop system-wide information security requirements based upon the analysis of user, policy, regulatory, and resource demands for complex network and enclave systems.

• Draft cyber-related policies and procedures.

• Draft and maintain IT Support Level Agreements (SLA), Memorandums of Agreement (MOA), and Memorandums of Understanding (MOU) between Enclave ISSMs and system owners.

• Follow Government change configuration control processes and attend meetings as required by the COR or TR.

• Ensure the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services. Perform ISSM/ISSO duties as outlined in AFMAN 17-01 and DoDI 8510.01 for assigned systems/applications.

• Maintain familiarity with relevant DOD/NIST RMF publications, including NIST 800-53, 800-60, 800-37, DODI 8540.01 CDS Policy, and DOD Directive 5144.02.

Minimum/General Experience: This position requires a minimum of 10 years' experience, of which at least eight years must be specialized experience in defining computer security requirements for high level applications, evaluation of approved security product capabilities and resolution of computer security problems.

• Extensive knowledge and proficiency with the Risk Management Framework (RMF) and eMASS or XACTA experience.

• Extensive knowledge and proficiency with the Assured Compliance Assessment Solution (ACAS) Vulnerability Scanner

• Extensive knowledge and proficiency with the Security Technical Implementation Guide (STIG) implementation and automation tools such as SCAP, STIG Viewer, eMASSter which are often leveraged for automation.

• Expert knowledge and proficiency with Cybersecurity best practices.

• Expert knowledge and understanding of Federal and DoD Cybersecurity regulations and policies.

Minimum Education: A Bachelor's degree in computer science/systems, information systems/technology, engineering/engineering technology, software engineering/programming, or management.

Education and experience requirements may be substituted with:

A Master's Degree (in subjects described above) and eight years general experience of which at least six years must be specialized experience.

No degree and thirteen years of general experience of which at least eleven years must be specialized experience.

Certifications:DoD 8570.01M Information Assurance Manager (IAM) Level III Certification

Additional Requirements: Candidate must meet TESA requirements as follows:

• A Bachelor's Degree and three (3) years of recent specialized experience; or

• Associates Degree and seven (7) years of recent specialized experience; or

• No degree and 11 years or recent specialized experience.

Work Requirements