The Information System Security Officer I provides support for a program, organization, system, or enclave’s information assurance program.
-Provides support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.
-Maintains operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed.
-Assists with the management of security aspects of the information system and performs day-to-day security operations of the system.
-Evaluate security solutions to ensure they meet security requirements for processing classified information. Performs vulnerability/risk assessment analysis to support certification and accreditation.
-Provides configuration management (CM) for information system security software, hardware, and firmware. Manages changes to system and assesses the security impact of those changes.
-Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Assessment & Authorization (A&A) packages, and System Controls Traceability Matrices (SCTMs). -Supports security authorization activities in compliance with the NIST Risk Management Framework (RMF) and any DoD and IC tailored requirements.
Key tasks include:
• Plan and coordinate the IT security programs and policies
• Manage and control changes to the system and assessing the security impact of those changes
• Obtain A&A for ISs under their purview
• Provide support for a program, organization, system, or enclave’s IA program
• Serve as the Approval Authority to validate or approve user authorization for accounts associated with systems under their control
• Understand the authorization boundary of systems
• Collaboration with System and Network administrators to understand and document data flow and architecture diagrams
• Knowledge of security controls, the assessment and applicability to systems
• Maintain operational baseline of systems under their purview
• Provide ongoing Continuous Monitoring to assigned systems
• Provide and validate the operational security posture of systems and ensure they are maintained
• Ability to initiate the reauthorization process of a system that needs reaccreditation
• Ability to decommission a system when it is no longer required
• Manage risks while assigned system is in operation
• Ability to understand the POA&M process as well as track and closeout any outstanding liens
• Ability to acknowledge and respond to IAVAs and create liens as necessary
• Perform, coordinate and document security relevant changes
• Perform vulnerability assessments to ensure updates and system baseline are enforced
• Recognize a possible security violation and take appropriate action to report the incident
• Manage protective or corrective measure when an IA incident or vulnerability is discovered
• Provide security and awareness oversight and/or training as required
• Review of audit reduction tools to monitor and review systems for compliance with IA policy
• Excellent written and verbal communication skills
• Excellent leadership and teamwork skills
• Results oriented, high energy, self-motivated