Information Security Officer (ISSO) III

Location: Philadelphia, PA

Education/Certifications: Bachelor’s degree (computer science, IT, communications systems management, or equivalent STEM field); IAM-II; CAP, CASP+ CE, CISM, CISSP or Associate, GSLC, CCISO, or HCISPP

Years of Experience: 6+ years’ experience in security compliance / cyber incident response

Clearance Level & Investigation: Secret (interim acceptable)

IA Cert Level (DoD 8570.01): IAM-II


Qualifications:

  • Target Education: Bachelor’s degree in computer science, IT, communications systems management, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university.
  • Target Experience: Six (6) years of experience coordinating and enacting required security changes within various levels of an organization, ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and supporting cyber incident response, from isolating potentially affected assets and initial investigation and data collection through status updates/reporting.
  • Minimum Certs: IAM-II, CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, HCISPP
  • Must be U.S. citizen and hold active or interim Secret clearance.

General Duties Include: Responsible for supporting all aspects of Information Assurance (IA) processes tailored to include minimum qualification standards, fundamental awareness, and familiarity to demonstrated competency with specific experience in Cyber Security, Engineering, Test & Evaluation (T&E), and/or Security Control Assessor (SCA) under a Certification & Accreditation (C&A) and/or Assessment & Authorization (A&A) process. Must demonstrate a working knowledge of the Risk Management Framework (RMF) and/or have prior experience with the Defense Information Assurance & Certification Accreditation Process (DIACAP). Familiarity with security policies & guidance documents to assist with preparation and maintenance of process artifacts and traceability documents used for compliance with Authority to Operate (ATO) requirements. Evaluate security solutions to ensure they meet security requirements for processing up to classified information, and supervise and/or maintain the operational security posture for an information system or program. May assist with or develop system security policy and ensure compliance with change management and configuration control processes. Plan and coordinate the IT security program and policies supporting command leadership mission and goals.


Responsibilities:

  • Assist Information System Security Managers (ISSMs) in executing duties and responsibilities.
  • Ensure compliance with all NAVSEA, DON, and DoD cybersecurity policies.
  • Ensure relevant Cybersecurity (CS) policy and procedural documentation is current and accessible to properly authorized individuals.
  • Coordinate cybersecurity processes and activities for assigned systems.
  • Maintain and report Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers, Information System Owners, and ISSMs.
  • Provide oversight of Security Plans for assigned systems throughout lifecycle.
  • Manage and maintain Plan of Actions and Milestones (POA&M), ensuring vulnerabilities are properly tracked, mitigated, and remediated where possible.
  • Assist with identification of security control baselines and applicable overlays.
  • Coordinate validation of security controls with Navy Qualified Validators (NQVs).
  • Perform Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews.
  • Adjudicate findings from Package Submitting Officer (PSO).
  • Register and maintain systems in Enterprise Mission Assurance Support Service (eMASS).
  • Plan and coordinate security control testing during Risk Assessments and Annual Security Reviews.
  • Report changes in system security posture to ISSM.
  • Ensure execution of Continuous Monitoring-related requirements as defined in System Level Continuous Monitoring (SLCM) Strategy.
  • Review all data produced by Continuous Monitoring activities, update eMASS record as necessary, and escalate to leadership for action if required.
  • Correlate findings from non-RMF vulnerability assessments (e.g., Development Test (DT)/Operational Test (OT), penetration testing, Command Cyber Operational Readiness Inspection (CCORI), etc.) to RMF controls for tracking to ensure holistic risk assessment.
  • Participate in change control and configuration management processes.
  • Maintain vulnerability data in Vulnerability Remediation Asset Manager (VRAM).

Job Category: Information Technology
Job Type: Full Time
Job Location: Philadelphia - PA
Clearance Level: Secret
Education-Certifications: BA/BS
Years of Experience: 6+
Source Selection: NSWCPD