Information System Security Officer (ISSM)
Role details
Job location
Tech stack
Job description
Are you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you looking for a career where professional development is embedded in your employers core culture? If so, Chenega Military, Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support large-scale government operations by leveraging cutting-edge technology and take your career to the next level!
The Information System Security Officer (ISSM) is a critical leadership role responsible for establishing, implementing, and managing the information security program within the organization for the Air Force Research Laboratory (AFRL) at Wright-Patterson AFB, Ohio.
Responsibilities
- Collaborate closely with cross-functional teams to assess security risks, develop mitigation strategies, and ensure compliance with regulatory requirements and industry standards.
- Oversee the creation, execution, and assessment of policies for information security programs.
- Create and maintain Assessment and Authorization (A&A) packages, Risk Assessment Reports (RARs), System Security Plans (SSPs), Security Controls Traceability Matrices (SCTMS), Plans of Action & Milestones (POA&Ms), Memorandums of Agreement (MOAs), policy documents, and other required system artifacts.
- Manage the monitoring of information security systems using Elastic and other tools to maintain organizational situational awareness.
- Develop and maintain technical user documentation and standard operating procedures (SOPs).
- Assess threats and vulnerabilities to determine whether additional safeguards should be implemented.
- Perform risk assessments on changes to information systems and their operating environments that could impact cybersecurity posture and system authorization.
- Research and make recommendations regarding hardware and software required to securely operate and maintain the organizations cybersecurity posture.
- Routinely review Assured Compliance Assessment Solution (ACAS), vulnerability scans, and Security Technical Implementation Guides (STIGs), and update Plan of Action and Milestones (POA&M) accordingly.
- Review and approve new user account requests.
- Coordinate with approving officials on approval of external information systems, i.e., interconnected systems.
- Provide guidance to customers on RMF requirements and assist with any security-related issues they may have.
- Ensure configuration management (CM) for security-relevant changes to software, hardware, and firmware is properly documented.
- Supervise and mentor Cybersecurity Specialists, Software Tester, and other staff as they perform cybersecurity-related duties.
- Interface directly with sites security officers as well as DCSA representatives to ensure security requirements are consistently met and to conduct inspections as needed.
- Act as the programs designated Cybersecurity Liaison.
- Ensure that all contractor staff servicing the organization are made aware of their duties, restrictions, procedures, and regulations relating to information security.
- Implement and track compliance with network security directives.
- Track and resolve malicious logic incidents.
- Responsible for the resolution of classified spillage incidents that could be identified by either Government or Contractor personnel.
- Author and maintain Policies, Processes, and Procedures within the organization's Strategic IT Management framework.
- Maintain a neat, secure, and orderly facility.
- Complete annual company and customer training requirements according to established policies and procedures, as required.
- Record labor hours daily in an online corporate system.
- Travel up to 10%.
- Other duties as assigned.
Requirements
- Computer Science-based bachelors degree OR 6+ years of equivalent experience.
- Expertise in cybersecurity principles, risk management, and compliance frameworks to protect the confidentiality, integrity, and availability of sensitive information and critical assets required.
- Prior performance as an ISSM. Current CompTIA Security + OR CySA+ certification required.
- IAM Level III Baseline cert required.
- Must possess and maintain a valid U.S. drivers license.
- Secret clearance with an ability to obtain TS/SCI is required.
Knowledge, Skills and Abilities:
- Strong experience with security-relevant tools and software such as ACAS, Radix, SCAP, ESS, Elastic, eMASS, and PEGA.
- Experience with Linux, Windows, and infrastructure virtualization required.
- Experience with network devices and software from Fortinet, Cisco, Palo Alto, and Solar Winds.
- Deep knowledge of NIST SP 800-37, NIST SP 800-53, FIPS 199, and FIPS 200.
- Experience creating artifacts, control implementation details, policy documents, and POA&Ms.
- Maintain a professional manner, have proper telephone, and email etiquette, customer service techniques, and organizational skills.
- Must have strong written and oral communication skills to include the ability to read, write, speak, and understand the English language.
- The ability to perform in a leadership capacity and be capable of directing contractor personnel and interfacing with the Government and customers.
- Exceptional customer service skills.
- Strong time-management and prioritization skills.
- Ability to communicate applicable technical subject matter expertise to management and others.
- Possess strong problem-solving skills.
- Ability to learn and work in new digital environments as required.
- Ability to self-start and work independently or as a team.
- Ability to learn new systems and associated software applications for proficient execution of tasks and managing multiple tasks with time-related constraints in a fast-paced environment.
- Ability to travel up to 10% as requested.