Information System Security Officer (ISSO)
Momentum, Inc.
Huntsville, United States of America
20 days ago
Role details
Contract type: Contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Compensation: $ 150K
Job location: Huntsville, United States of America
Tech stack
Configuration Management
Computer Security
Disaster Recovery
Identity and Access Management
Information Security Management
Security Content Automation Protocol
Verification and Validation (Software)
Job description
We are seeking an experienced Information Systems Security Officer to join our team. The ISSO will be responsible for developing data security policies using data security standards, guidelines, and requirements that include privacy, authentication, access control, retention, disposal, incident management, disaster recovery, and configuration
In this role, you will:
- Support all tasks associated with MILCON, Modernization and JITC ATO efforts for FRCS and other systems as necessary.
- Review FRCS Specifications (pre-construction RMF support/planning to ensure the proposed solution meets DoD RMF requirements, Division 25 - Integrated Automation requirements and submittals), APL requirements, and other salient system characteristics that will increase the likelihood of DHA RMF approval.
- Participate in construction meetings and coordinate with the local site Facility Manager (FM) and local IT Department personnel, including the Information System Security Manager (ISSM) when available.
- Interface with the DHA FE ISSM and FRCS Security Controls Assessors Representative (SCAR).
- Work with ISSM and local site FM and IT Personnel to contribute to the development of System Security Plans, Boundary Documentation, Control selection, security assessment plan and all other RMF Related artifacts contributing to the System's ATO and eMASS Packet.
- Review construction submittals and assist project teams in operationalizing FRCS Solutions once ATOs are achieved.
- Establish and sustain Plans of Action and Milestones (POAMs); perform scans and/or upload scan results; and create, update, and maintain other artifacts associated with eMASS Packages.
- Review FRCS installations against requirements and specifications. The outcome of this Discovery phase will be provided as an actionable report with findings and recommendations to support RMF activities.
- Establish and maintain eMASS packages through the FRCS Lifecycle.
- Support independent verification and validation (IV&V) on FRCS systems noted in MILSTD 1691 as Real property installed equipment (RPIE) and Electronic Security Systems (ESS). This includes updating the Configuration Management Plan, Contingency Plan, E-Authentication Memo and the Incident Response Plan as required.
- Support the RMF accreditation process for assigned systems and continue the process of conducting a full Self-Assessment. During the self-assessment, the Contractor shall utilize ACAS, SCAP, Web, and DB scans and conduct Manual Checklists as required by each system. Upon completion of the self-assessment process, the Contractor shall remediate all open findings, both those of a technical nature and those that are policy/procedural based.
- Coordinate with the local site to implement continuous monitoring of the FRCS Solution.
- Coordinate with vendors and local sites to ensure scheduled and approved patches and updates to FRCS solutions are implemented.
- Be certified to IAT Level II and sustain those certifications through the life of the contract.
- Monthly Progress Reports. The ISSO shall submit a monthly status report covering ATO Status, System POAM Status, Patch and Scan Results, and any risks associated with the attainment of an ATO and/or risks to the status of an established ATO. Reports shall be due NLT the 28th day of each month and must be submitted by e-mail to the Government Points of Contact (POC) identified during the kickoff. The report shall also identify completed tasks and relevant project information.
- Meeting Minutes. The ISSO shall generate and distribute meeting minutes for all conference calls, face-to-face meetings, and any subsequent interim meetings. The meeting minutes shall document all items discussed at the meetings and shall at a minimum include the date, a list of meeting attendees, open items, closed items, Requests For Information (RFIs), issues, and schedule. The contractor shall provide meeting minutes within 7 calendar days of the meeting.
Requirements
Do you have experience in Project team coordination?
- CISSP required
- Coordinating and facilitating work efforts within a team/team required
- PM experience is highly desirable, a PMP certificate would be great but not required
- Knowledge of medical facilities operations is desirable
- Knowledge/experience with control systems, FRCS required
- Information Systems Security Manager, IAM Level 2 certification required

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The qualifications listed above are representative of the knowledge, skill, and ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.