4400 ISSM
Procession Systems
Reston, United States of America
25 days ago
Role details
Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior
Job location: Reston, United States of America
Tech stack
Xacta
Computer Security
Information Systems
Federal Information Processing Standards (FIPS)
Cyber Threat Analysis
Information Technology
Patch Management
Splunk
Vulnerability Analysis
Job description
We are seeking an ISSM who will be responsible for ensuring the security and maintenance of information systems in their assigned programs throughout the Risk Management Framework (RMF) lifecycle, from preparing through decommission, in accordance with Intelligence Community Directives (ICD) and Defense Intelligence Agency (DIA) policies. The ISSM manages and controls changes to the system or application, assesses the potential cybersecurity impact of those changes, and provides technical expertise and continuous monitoring.
GENERAL DUTIES:
- Thoroughly document misconfigurations, issues, and vulnerabilities from analyzed systems.
- Properly use XACTA to manage and store all relevant program information, including documentation of risk assessments, security control implementations, POA&M tracking, and compliance status.
- Monitor and track all POA&M items, ensuring that vulnerabilities identified in scans or audits are documented, mitigated, and closed appropriately.
- Collaborate with ISSOs, SCAs, PMs, and other stakeholders by providing necessary guidance and clarifications.
- Act as a cyber security representative of the DoD.
Requirements
- Senior knowledge and hands-on experience with RMF, NIST 800-series guidelines, FIPS, Security Assessment & Authorization (SA&A) requirements and processes, Continuous Monitoring Framework experience and its tools, Plan of Action & Milestones (POA&M) policies, and vulnerability/patch management.
- Experience using a Cyber Risk Management Platform (e.g., XACTA/EMASS) for Workflow Automation, Compliance Standards, RMF, and Continuous Monitoring.
- Solid interpersonal and communication skills to interact with various stakeholders and team members effectively.
- Expert hands-on experience interpreting compliance and vulnerability scanning tool reports from XACTA, STIGs, ACAS, PRISMA, Splunk, Trellix (HBSS), and/or other vulnerability scanners.
- Exhibit problem-solving skills and the ability to think analytically.
- Experience leading security projects and initiatives.
- Team player with collaboration qualities and experience working in mixed technical teams.
- Obtain an IAT-III or maintain IAT Level III Certification in compliance with DoD 8570.01-M and DoD Directive 8140 Cyberspace Workforce Management.
- CASP+ CE
- CCNP Security
- CISA
- CISSP (or Associate)
- GCED
- GCIH
- CCSP
- Bachelor's Degree and 12 years of experience in Cybersecurity, Information Assurance and Information Technology
- Bachelor's degree may be substituted with 6+ years of additional experience/equivalent certifications