Information System Security Officer (ISSO)
Job Category: Security
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI
Employee Type: Regular
Percentage of Travel Required: Up to 25%
Type of Travel: Continental US
* * *
What You’ll Get to Do:
Under limited direction, the Information System Security Officer (ISSO) is responsible for assisting the FSO and ISSM with the development, administration and management of information systems and security procedures for company and customer systems and networks supporting multiple customers.
The ISSO will be responsible for a portfolio of programs potentially spanning Collateral, SCI, and SAP/SAR levels. The candidate will support information system life cycle activities from rapidly establishing systems to support classified proposals, to scoping systems for new programs and preparing Risk Management Framework packages, to regular maintenance, support and upgrades of systems during program execution, to program close-out and de-certification activities.
More About the Role:
Responsible for ensuring Information System Compliance with the potential to span multiple business areas or programs.
Ensure system security measures comply with applicable government policies. Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
Maintain a thorough understanding of NIST 800-53 controls, determine which controls are applicable to the application, and document their implementation in the Security Controls Traceability Matrix (SCTM).
Monitor and resolve Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems.
Ability to complete ATO system package updates within reporting tools such as XACTA, eMASS, SNOW, etc.
Communicate and coordinate Information Systems Security policy across their organization and work with government agencies to obtain rulings, interpretations, and acceptable deviations for compliance with regulations.
Establish, document, implement, and monitor the IS Security Program and related procedures for the facility and ensure compliance with IS security requirements.
Prepare and maintain Systems Security Plans (SSP) which accurately reflect the installation and security provisions of the system.
Ensure that each SSP has been implemented, that the specified security controls are in place and properly tested, and that the IS is functioning as described in the SSP.
Evaluate proposed changes or additions to the SSP and collaborate with customers for systems approvals.
Utilize automated tools to document certification and accreditation requirements.
Conduct on-going security reviews and tests for information systems to periodically verify that security features and operating controls are functional and effective.
Ensure that periodic self-inspections of the facility’s IS Program are conducted as part of the overall facility self-inspection program.
Ensure the development, documentation and presentation of IS security education, awareness, and training activities for facility management, IS personnel, users, and others as appropriate.
Ensure personnel are trained on the IS’s prescribed security restrictions and safeguards before they are initially allowed to access a system.
Identify and document unique local threats/vulnerabilities to IS.
Ability to write and enforce media control policy and assured file transfer procedure requirements.
Report IS security incidents to the CSA. Ensure action is taken when an incident/vulnerability has been discovered.
Assist with Incident Response handling activities.
Ensure audit records are collected, reviewed, and documented (to include any anomalies).
Assist with OPSEC/INFOSEC training coordination.
Prepare and submit Continuous Monitoring reports.
Ability to execute and run SCAP and STIG benchmarks.
Ability to run and decipher Nessus/ACAS outputs.
Ability to obtain and maintain a full scope polygraph.
You’ll Bring These Qualifications:
University Degree (BA/BS) or equivalent experience and 5+ years of related work experience.
Experience as an ISSM/ISSO implementing NISPOM Chapter 8, JAFAN 6/3, DCID 6/3, ICD 503, and/or JSIG IS requirements in a SAP/SCI environment.
Experience developing IS security plans, policy and procedures for Local Area Network (LAN) Information Systems and Wide Area Network (WAN) Information systems.
Experience with both Windows and Linux operating environments.
Knowledge of Risk Management Framework (RMF)
Familiarity conducting vulnerability scans.
Ability to draft and/or prepare and maintain security Assessment and Authorization documentation (e.g., IA SOP, SSP, MSSP, RAR, SCTM).
These Qualifications Would be Nice to Have:
What We Can Offer You:
We’ve been named a Best Place to Work by the Washington Post.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
We offer competitive benefits and learning and development opportunities.
We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
For over 60 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
Company Overview:
CACI is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.
Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.
The proposed salary range for this position is:
$78,700 - $165,300