Information Systems Security Officer (ISSO)

Overview

Abacus Technology is seeking an Information System Security Officer (ISSO) to manage the overall security policies, procedures, plans, and regulations in support of the U.S Military Training Mission (USMTM) J6. This is a full-time position in the Kingdom of Saudi Arabia (KSA).

Responsibilities

• Support the program in achieving the approval for a program for the Authority to Operate (ATO).
• Implement and manage NIST 800-53 Rev. 4 Security Controls.
• Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), and other relevant security documentation for existing and new systems.
• Develop, coordinate, test, and train on Contingency Plans and Incident Response Plans.
• Provide continuous monitoring to enforce client security policy and procedures and create processes that provide increased visibility to system owners on impacts on the security posture of systems.
• Perform vulnerability/risk assessment analyses to support Assessment & Authorization (A&A) activities.
• Develop, maintain, and facilitate the appropriate closure of POA&Ms and any related remediation activities.
• Align systems activities to the NIST Cyber Security Framework (CSF).
• Advise government program managers on security testing methodologies and processes.
• Perform system analysis, system audits, system monitoring, security control assessment/testing, risk management, incident response.
• Review system security to accommodate changes to policy or technology.
• Evaluate IT threats and vulnerabilities to determine whether additional safeguards are needed.
• Conduct certification tests that include verification that the features and assurances required for each protection level are in place.
• Conduct and coordinate Information System security inspections, tests, and reviews.
• Assess changes in the system, its environment, and operational needs that could affect the accreditation.
• Prepare the final SAR containing the results and findings from the assessment.
• Initiate a POA&M with identified weaknesses and suspense dates for each Information System based on findings and recommendations from the SAR and system scan results.
• Perform risk assessments and make recommendations to customers.

Qualifications

10+ years experience with cybersecurity, information assurance, and certification and accreditation. Bachelor's degree in a related field. Must be CISSP certified (or hold equivalent certification that meets the DoD 8570 IAM II requirement). Experience reviewing proposed change requests related to system design / configuration and performing a security impact analysis to provide approval or denial recommendations. Extensive experience with A&A activities. Knowledge of Risk Management Framework (RMF). Must have strong problem solving and analysis skills, be self-motivated, and be able to work and communicate in a team environment. Understanding of security policy advocated by the U.S. Government including Department of Defense and appropriate civil agencies, e.g., NIST. Must be a US Citizen and hold a current Secret clearance.

Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.

EOE/M/F/Vet/Disabled