Apply on Employer Site

Abacus Technology Corporation · 1 month ago

Information Systems Security Officer (ISSO

Montgomery, AL

Full-time

Onsite

Senior Level

5+ years exp

Abacus Technology Corporation is seeking an Information Systems Security Officer (ISSO) to provide security and information assurance support for the Air Force Intranet Control (AFINC) III Support program at Maxwell AFB/Gunter Annex. The role involves performing security analysis, implementing risk management processes, and ensuring compliance with security requirements.

Information TechnologySoftwareTelecommunications

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards

Implement the Assessment and Authorization (A&A) processes under the Risk Managed Framework (RMF) for new and existing information systems

Maintain a current authorization to operate (ATO), and approval to connect (ATC) (if required), and in implementing corrective actions identified in the plan of action and milestones

Facilitate development of Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA) and Risk Acceptance Letters

Develop an Information System Continuous Monitoring (ISCM) strategy and monitor any proposed or actual changes to the system and its environment to maintain compliance

Audit systems to ensure security posture integrity

Conduct assessments and test/analysis data to document state of compliance with security requirements

Conduct risk assessments and investigations, recommend implementation of risk mitigations, and coordinate incident response activities

Conduct periodic hardware/software inventory assessments

Supervise the development and deployment of program information security for all program systems to meet the program and enterprise requirements, policies, standards, guidelines and procedures

Manage assigned team to facilitate effective execution of the RMF

Coordinate and participate in security assessments and audits

Prepare, review, and present technical reports and briefings

Register, maintain, verify, submit exceptions, conduct annual review, or decommission systems ports, protocols, and services (PPS) as necessary to ensure compliance with the DoD PPS Category Assurance List (CAL) and DoD PPS Vulnerability Assessment reports

Qualification

CISM certificationCISSP certificationRisk Management Framework (RMF)Certified in GovernanceRiskCompliance (CGRC)NIST SP 800 seriesNESSUSDISA eMASSDoD cybersecurity policiesACASDISA STIGsAudit ToolsESSPPS complianceOutstanding communication skills

Required

5+ years experience in a cyber security or information assurance role including at least 3 years supporting the RMF

HS diploma or GED

Must be CISM or CISSP certified (or hold an equivalent certification in compliance with DoD 8140/8570 IAM II)

Must hold the Certified in Governance, Risk and Compliance (CGRC) certification

Have participated in training for DISA ACAS Supervisor and Operator and DISA Enterprise Mission Assurance Support Service (eMASS)

Experience with DoD cybersecurity policies and implementation of Risk Management Framework (RMF): e.g. NIST SP 800 series, CNSSI 1253

Experience as an information system security officer (ISSO) or information system security manager (ISSM) supporting classified programs

Experience in assessing and documenting test or analysis data to show cybersecurity compliance

Experience utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include: NESSUS, ACAS, DISA STIGs, Audit Tools, ESS, eMASS, PPS

Outstanding communication skills across all levels of the organization

Must be a US citizen and hold a current Top Secret clearance with SCI Access (TS/SCI)