Senior Information System Security Officer
Company: Information Management Group
Location: Chantilly
Posted on: May 26, 2023
|
|
Job Description:
IMG - is hiring a full-time Senior Information System Security
Officer with TS/SCI at it's Chantilly, VA location.
Responsibilities The Level 3 ISSO position is a senior level or
subject matter expert (SME) information system security
professional who provides advice and assistance to the Government
regarding secure configuration and operation of NRO's IT assets.
Level 3 ISSOs apply extensive knowledge and experience of a variety
of information system security concepts, practices, and procedures.
An ISSO is responsible to the Information System Security Manager
(ISSM) for providing the day-to-day system security operations by
ensuring that operational security is maintained for an information
system (IS). ISSOs are also responsible for maintaining effective
communications with the ISSM, PSO, Information System Owner,
Authorizing Official (AO) or Delegated Authorizing Official (DAO),
Information System Security Engineer (ISSE), and the Security
Control Assessor (SCA). ISSOs must have a working knowledge of
system functions, security policies, technical security safeguards,
and operational security measures. ISSO tasks include but are not
limited to the following: Manage the day-to-day system security
including physical and environmental protection, incident handling,
and information system security training and awareness Support the
Information System Owner to draft, develop, update, or maintain the
system security plan (SSP), and other related documents, following
NRO, IC, and DoD applicable policies, procedures, and templates;
Support initial risk analysis and present results to the
Information System Owner and PSO; Participate in assessment and
integration, verification, and validation (IV&V) testing
activities; Play an active role in continuous monitoring to include
assessing the security impact of system changes, updating the SSP,
managing and monitoring changes to the system, and disposal of the
system in accordance with NRO, IC, and DoD security policies and
practices, as outlined in the approved SSP; Formally notify the
ISSM, PSO, and Information System Owner when changes occur that may
affect accreditation authorization, thus initiating the
re-certification/re-accreditation process; Ensure all IS
security-related documentation is current and accessible to
properly authorized individuals; Periodically assist in maintaining
and updating IT asset records in NRO XACTA; Process information
systems access requests, ensuring all users have the requisite SCI
security clearances, authorization, need-to-know, and are aware of
their security responsibilities before granting access to the IS;
Report all security-related incidents to the ISSM and the cognizant
PSO; Initiate, with the approval of the ISSM, protective or
corrective measures when a security incident or vulnerability is
discovered; Ensure configuration management (CM) for the security
relevant IS software, hardware, and firmware is maintained and
documented. If a CM board exists, the ISSO may support the CM board
if so designated by the ISSM; Follow procedures developed by the
ISSM, authorizing software, hardware, and firmware use before
implementation on the system; Ensure system recovery processes are
monitored to ensure that security features and procedures are
properly restored; Ensure system security requirements are
addressed during all phases of the system life cycle; Be
responsible for controlling, labeling, virus scanning, and
appropriately transferring data (uploading/downloading) between
various NRO information systems as required; Support comprehensive
investigations into all NRO related data spills and IT incidents at
both government and contractor sites; Support information
protection needs, system security requirements, system security
architecture, and verify information protection effectiveness as
related to NRO mission requirements; Provide guidance on system
security, assessment and authorization issues, and INFOSEC policy
and security vulnerabilities; Provide advice and guidance to NRO
program personnel and Program Security Officers on all Information
System (IS) security issues across all NRO activities; Support the
Government POC in managing the acquisition, operation, storage,
inventory, and disposition of all Communications Security (COMSEC)
related material and equipment as required; Work security issues
involving multiple Intelligence Community SCI Control Systems, DOD
SAP/SAR activities, and SCI Special Handling programs; Provide
appropriate security awareness and training to NRO information
system users; Coordinate activities with official designated
representatives, chief information officers, senior agency
information system security officers, information system and common
control providers, and information system security officers;
Monitor and track status of applicable patches including IA
vulnerability alerts (IAVA), IA vulnerability bulletins (IAVB), and
technical advisories (TA) for the networks and operating system(s)
under their purview; Review applicable audit logs for actions to
include but not limited to security relevant events/activities,
suspicious activity, baseline changes and notify the ISSM of any
discrepancies. Write, review, and/or assess security documentation
and plans (e.g., Operational Security (OPSEC) Plans, Program
Protection Plans, Classification Guides, DD 254's, Contract Data
Classification Worksheets) focusing on safety and security of
personnel, assets, resources, and mission. Qualifications Clearance
Required: TS/SCI required for consideration. Must be able to obtain
CI Poly before starting. Baseline Certification: Must possess and
maintain, or obtain within six months from their arrival date,
professional Information Security (IS) certification(s) appropriate
for the level of duty and responsibility of their position.
Education/Experience: Senior Level: Masters degree and 5 years of
experience OR Bachelors degree and 8 years of experience OR
Associates degree and 12 years of experience Desired
Qualifications: Familiarity with conducting research and analysis;
Familiarity with network and information system security principles
and best practices; Familiarity with controlling, labeling, virus
scanning, and appropriately transferring data
(uploading/downloading) between information systems at varying
classification levels; Ability to engender rapport with the
military, civilians, and other contractors at all levels; Ability
to prioritize tasks; Familiarity with applicable NRO, IC, DoD
policies, procedures and operating instructions related to
Information Technology, Information Assurance, Information
Management (IT/IA/IM). Thorough understanding and application of
network security principles, practices, and implementations;
Working knowledge of cross-functional integration of information
systems into a physical security environment; Working knowledge of
system functions, security policies, technical security safeguards,
and operational security measures; Understanding of system
methodologies including but not limited to client server, web
hosting, web content servers, policy servers, directory servers,
firewalls, WAN, LAN, switches, and routers; Familiarity with
detecting and preventing computer security compromises in a
networked environment; Working knowledge of configuration
management; system maintenance; and integration testing; Proficient
in the use of tools used to prevent and/or negate malicious code;
Understanding of COTS tools that scan at the physical layer of all
removable and fixed media types including but not limited to: (CDs,
hard drives, thumb drives, Zip/Jazz, etc.); Ability to decipher and
explain in clear language Intelligence Community Directive (ICD)
503; Ability to support forensics and evidentiary preservation;
Ability to troubleshoot technical configurations and make
recommendations on the protection of classified and sensitive data;
Demonstrated ability to translate technical information and
information technology jargon into plain English; Ability to apply
a risk management philosophy when faced with security challenges
and the ability to articulate the pro's and con's in a clear
concise manner; Demonstrated proficiency with the following
computer operating systems (e.g. Microsoft Windows, LINUX, UNIX,
Mac OS, etc.); Analytical ability to decipher complex technical
configuration management documents; Demonstrated proficiency with
database maintenance; Strong ability to elicit, articulate, and
document information in a well-organized manner; Demonstrated
ability to work independent of close supervision; Demonstrated
experience with Microsoft Office Suite; Working knowledge of all
applicable NRO, IC, DoD policies, procedures and operating
instructions related to Information Technology, Information
Assurance, Information Management (IT/IA/IM); Excellent
communication, interpersonal, and team-building skills to engender
rapport with the military personnel, civilians, and other
contractors at all levels; An ability to prioritize work to meet
deadlines, and to manage the workflow of the ISSO team;
Demonstrated ability to correlate audit results between various
systems and/or users and notify the ISSM of any discrepancies.
Expertise with configuration management; system maintenance; and
integration testing; Ability to troubleshoot technical
configurations and make recommendations on the protection of
classified and sensitive data; Expert in the use of tools used to
prevent and or negate malicious code; Expert in detecting and
preventing computer security compromises in a networked
environment; Expertise in forensics chain of custody and
evidentiary preservation; Demonstrated proficiency in successfully
guiding complex information systems through assessment and
authorization control gates; Analytical abilities to decipher
complex technical configuration management documents; Proficient in
maintaining databases; Thorough working knowledge of all applicable
NRO, IC, DoD policies, procedures and operating instructions
related to Information Technology, Information Assurance,
Information Management (IT/IA/IM); Demonstrated ability to work
independent of close supervision; Expert ability to establish and
maintain effective internal and external working relationships with
government and contractor program managers, security professionals,
and mission partners; Ability to effectively provide ISSO guidance
to Level 1 and Level 2 ISSOs. COVID-19 Regulations: As required by
Executive Order 14042 and the guidance provided by the Federal
Workforce Task Force, all federal contractor employees are required
to be fully compliant with customer COVID-19 regulations. IMG will
provide additional information regarding these requirements and how
you can request an exception if needed. IMG COMPANY BENEFITS
Health, dental, vision, and life insurance Short term and long term
disability insurance 401(k) with generous company match Flexible
Spending Accounts (FSA) and Health Savings Accounts (HSA) 15 days
of personal leave plus paid federal holidays Professional
development and training assistance Information Management Group,
Inc. is an equal opportunity employer. All qualified applicants
will receive consideration for employment without regard to race,
color, religion, sex, sexual orientation, gender identity, national
origin, disability or veteran status.
Keywords: Information Management Group, Chantilly , Senior Information System Security Officer, IT / Software / Systems , Chantilly, Virginia
Click
here to apply!
|