RMF Information System Security Officer
San Antonio, TX, US
Full Time | Mid-level / Intermediate | Clearance required | USD 52K - 123K * est.
Osi Vision, LLC
Summary:
Osi Vision is seeking an Information System Security Officer (ISSO) who provides Risk Management Framework (RMF) support to the Public Key Infrastructure (PKI) System Program Office. The role requires the ability to validate requirements and configurations, scan networks for compliance, manage accreditation cycles in eMASS, and establish test environments that support PKI and Air Force Identity and Access Management solutions.
Job Requirements:
- Adhere to all requirements as stated in the National Industrial Security Program Operating Manual (NISPOM, 32 CFR, Part 117) and the Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM)
- Strong analytical skills to ensure the system configuration carries an acceptable level of risk and meets the following Cyber Security and RMF policies and guidelines: DoDD 8500.1, DoDI 8500.2, DoDI 8510.01, DoD 8570.01-M, and NIST SP 800-53.
- Maintain the system registration and records within eMASS to support the RMF process
- Assist directly with the assigned DCSA / AF ISSP to ensure full and timely compliance of systems with government directives and regulations
- Schedule and coordinate a Security Compliance Assessor Validation (SCA-V) to perform an independent third-party evaluation in support of an accreditation recommendation: ATO and/or ATO with conditions.
- Manage/Oversee development of RMF packages necessary to achieve and maintain a full, multi-year Authority to Operate (ATO) or Approval to Connect (ATC).
- Conduct applicable scans using Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and other Air Force-approved tools to determine current security posture of the system.
- Manage eMASS entries on all required and applicable RMF controls.
- Assist in the development and maintenance of the Security Plan and required artifacts and documentation.
- Conduct routine analysis to ensure the proper Security Technical Implementation Guides (STIGs) for each system component are applied.
- Assist the Facility Security Officer in the effective implementation, assessment, and management of the Security Program
- Report security issues to the Facility Security Officer (FSO) and the Insider Threat Program Senior Official as applicable
- Establish, document, implement, and monitor the Information Systems Security program, System Security Plans (SSP), and security education, awareness, and training activities for facility management, IS personnel, users, and others, as appropriate
- Identify and document unique local threats and vulnerabilities; make recommendations on risk management status and report threat indicators into the Insider Threat process
- Ensure that periodic self-inspections of the facility’s IS Program and accredited systems are conducted as part of the overall facility self-inspection program and that corrective action is taken for all identified findings and vulnerabilities.
- Develop and maintain Incident Response plans, vulnerability assessments, and maintenance procedures
- Create and/or refine policies, procedures, and artifacts necessary to ensure applicable controls are met.
- Ensure that all findings are properly documented in the Plan of Action and Milestones (POA&M) on an on-going basis.
- Designate and manage the training, certification, and oversight responsibilities of assigned Information System Security Officers (ISSOs) as applicable
- Monitor and provide guidance on Information Assurance and IS Security Awareness to employees and Government partners through scheduled briefings.
- Brief stakeholders on, and maintain, the latest schedule updates
- Ability to work in a team-focused, dynamic environment.
Required Experience and Education:
- Bachelor of Science degree in Computer Science or a Cyber Security-related field preferred
- Current DoD 8570.01-M IAT Level II Certification (Security+, CISSP, CCNA Security, GSEC, or equivalent)
- Industrial Security Program experience
- Experience in providing technical solutions to a wide range of difficult problems
- Experience with eMASS
- Experience with Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS)
Security Clearance:
- Position requires a Secret clearance.
Preferred Skills:
- Develop risk-based mitigation strategies for networks, operating systems, and applications
- Compile and track vulnerabilities and mitigation results to quantify program effectiveness
- Create and maintain vulnerability management policies, procedures, and training
- Review and define requirements for information security solutions
- Organize network-based scans to identify possible network security attacks and host-based scans to identify vulnerabilities in workstations, servers, and other network hosts.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: ACAS Automation CISSP Clearance Compliance Computer Science DAAPM DoD DoDD 8570 eMASS GSEC IAM Incident response Industrial Network security NISPOM NIST PKI POA&M Risk management RMF SCAP Security Clearance STIGs System Security Plan Vulnerabilities Vulnerability management