Information Systems Security Officer (SCAR)

AMERICAN SYSTEMS, a 100% employee-owned company, is on the hunt for a highly experienced Information Systems Security Officer with demonstrated experience in risk management oversight & assessment to join our Cybersecurity team in Dallas, Texas!

Responsibilities

As an Information Systems Security Officer with AMERICAN SYSTEMS supporting the Security Control Assessor (SCA), you will:

• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
• Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at software application, system, and network levels.
• Verify application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Assess the effectiveness of security controls.
• Develop methods to monitor and measure risk, compliance, and assurance efforts.
• Draft statements of preliminary or residual security risks for system operation.
• Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Maintain information systems assurance and accreditation materials.
• Support site assistance visits (SAV)s as requested by the Security Control Assessor (SCA).

Qualifications

• Active Top Secret with SAP eligibility
• Bachelor's degree in related discipline ( or 4 additional years of relevant experience in lieu of degree )
• 10-12 years of relevant experience
• DoD 8570 IAM III level certification ( g., CISSP, CISM, GSLC, or CCISO ) or
  • DoD 8140 Advanced ISSM ( g., CISM, CISSO, FITSP-M, GCIA, GCSA, GCIH, GSLC, GICSP, CISSP-ISSMP, CISSP ) or
  • DoD 8140 Advanced SCA ( g., CISM, CISSO, CPTE, CySA+, FITSP-A, GCSA , CISA or CISSP, CISSP-ISSEP, GSLC, GSNA )
• Expert knowledge of:
  • Navy FLTCYBERCOM Authorization processes
  • GRC Experience (eMASS\Xacta)
  • Risk Management Framework requirements
  • Cybersecurity (CS) principles and organizational requirements relevant to confidentiality, integrity, availability, authentication, and non-repudiation
  • Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • Network security architecture concepts including topology, protocols, components, and principles.
  • Security Assessment and Authorization process
  • Cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities.
  • Penetration testing principles, tools, and techniques.
  • Relevant laws, policies, procedures, or governance related to critical infrastructure.
• Skilled in:
  • Discerning protection needs (i.e., security controls) of information systems and networks.
  • Determining how a security system should work and how changes in conditions, operations, or the environment will affect outcomes.

Pay Transparency Statement

AMERICAN SYSTEMS is committed to pay transparency for our applicants and employee-owners. The salary range for this position is USD $155,700.00/Yr. - USD $260,000.00/Yr. Actual compensation will be determined based on several factors permitted by law. AMERICAN SYSTEMS provides for the welfare of its employees and their dependents through a comprehensive benefits program by offering healthcare benefits, paid leave, retirement plans, insurance programs, and education and training assistance.

EEO Statement

EEO Race/Sex/Disability Status/Veteran Status