Information Systems Security Officer - 201805

Delaware Nation Industries/Unami works with the Oklahoma City Air Logistics Complex (OC-ALC) located at Tinker AFB, OK to provide on-site cybersecurity support services to maintain an Authority to Operate (ATO) for all OC-ALC systems, applications, and networks using the NIST Risk Management Framework (RMF) per DoDI 8510.01, Risk Management Framework (RMF) for DoD Information and AFI 17-101, Risk Management Framework (RMF) for Air Force Information Technology.

Ability to obtain a security clearance is REQUIRED.

A Security+ Certification is REQUIRED.

This position is 100% onsite.

·        Document and maintain controls, appendices, and document attachments under NIST SP 800-53 Rev. 4 & 5 for all DSS and IDM systems and sub-systems

·        Document and maintain inheritable common controls catalog for to document controls offered to applications or systems hosted on multi-cloud platform

·        Ensure common controls are available for all hosted systems to inherit and maintain

·        Assist in the development and maintenance of System Security Plans (SSP) and security controls assessments, and organizational policy

·        Update the SSP and server documentation and provide the ISSO to update security artifacts and the baseline documents

·        Update POA&Ms throughout the POA&M lifecycle till closure for all system controls.

·        Provides high-level functional systems analysis, design, integration, documentation, and implementation advice on moderately complex cybersecurity problems that require an appropriate level of knowledge of the subject matter for effective implementation

·        Serves as the IT security POC for assigned systems to ensure information systems comply with applicable policies

·        Ensures security activities are implemented throughout the entire SDLC, including during system changes and modifications

·        Provides audit support by developing the appropriate responses to audit questionnaires and remediation recommendations of audit report findings.

·        Coordinates with appropriate stakeholders and system owners to ensure all NIST 800-53 controls are properly implemented and assessed during the steps of the ATO lifecycle

·        Ability to conduct an analysis of the NIST SP 800-53 rev. 5 controls and identify controls that can be automated

·        Ensures all systems are operated, maintained, and disposed of IAW documented security policies and procedures, including but not limited to Assessment & Authorization (A&A).

·        Supports the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Testing, POA&Ms, and incident reports.

Requirements

• At least 2+ years of related experience
• Detailed knowledge of NIST SP 800-53 Rev. 4 & 5, Security Policies, NIST Risk Management Framework, Security Planning and Architecture, Incident Analysis, and General Security Best Practices
• Knowledge of NIST regulatory compliance requirements
• Deep knowledge of the information security principles
• Experience developing Information Security policies and procedures
• Experience performing A&As and supporting the Risk Management Framework lifecycle
• Ability to communicate, both written and orally, to both technical and non-technical stakeholders
• Strong written and oral communication skills to interact with senior managers, junior staff, and business unit (non-technical) customer

Benefits

Benefits Include:

• Covers 100% of employee benefit premiums, including Medical (PPO or HDHP Option), Vision, Dental
• Matching 401K
• Short- and Long-Term Disability
• Pet Insurance
• Professional Development/Education Reimbursement
• Parking and Transit Benefits for NY, NJ, ATL, and DC Metro areas

Other Duties:

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.