USAFA Information System Security Officer

Reston, VA, USA, 22310


SiloSmashers

From day 1, SiloSmashers set out to change how government agencies and corporations manage programs — and smash silo operations.


SiloSmashers, Inc. is a strategy, technology, and management consulting firm, founded in 1992, and located in Reston, Virginia. SiloSmashers delivers superior services and solutions to the public sector in the areas of project/program management, performance management, and IT security. The company provides innovative, collaborative business approaches, and proven methodologies that enable customers to break down organizational silos and optimize operational efficiency to achieve peak performance and mission success. Come join our team!

BACKGROUND

SiloSmashers is seeking an experienced Senior ISSO to join its growing contract supporting a federal government agency.

 

The candidate shall be skilled and capable of performing the role of ISSO for the USAFA. The ISSO shall be responsible for ensuring the appropriate operational security posture is maintained for USAFA IT systems. This includes, but is not limited to, responsibilities established in DoDI 8500.01 and AFI 17-101, and the activities related to maintaining situational awareness and initiating actions to improve or restore cybersecurity posture. The candidate will be responsible for multiple systems and will drive all aspects of attaining a new Authority to Operate (ATO) designation or maintaining a current ATO designation. The candidate will possess detailed knowledge and expertise to manage security aspects of information systems, including physical security, personnel security, incident handling, and security awareness and training.

 

  • Assist the ISSMs in meeting their duties and responsibilities
  • Implement and enforce all DoD IS and PIT system cybersecurity policies and procedures, as defined by cybersecurity-related documentation.
  • Ensure that all users have the requisite security clearances and access authorization, and are aware of their cybersecurity responsibilities for DoD IS and PIT systems under their purview before being granted access to those systems.
  • In coordination with the ISSM, initiate protective or corrective measures when a cybersecurity incident or vulnerability is discovered and ensure that a process is in place for authorized users to report all cybersecurity-related events and potential threats and vulnerabilities to the ISSO.
  • Ensure that all DoD IS cybersecurity-related documentation is current and accessible to properly authorized individuals.

 

The ISSO role supports multiple projects and the successful candidate is expected to be highly organized, have the wherewithal to prioritize, over-communicate, plan and tightly coordinate with a variety of stakeholders, while driving day-to-day work to completion.

 

The ideal candidate will be self-driven, possess the inherent interest to continue learning new technologies to solve problems and have a collaborative and continual improvement mindset in all facets of the role.

 

QUALIFICATIONS:

  • Drives full lifecycle activities towards conducting assessment and authorization for assigned systems
  • Drives full lifecycle activities towards new or maintained ATO attainment and is familiar with the NIST RMF framework
  • Serves as the Alternate ISSO (AISSO) for designated systems
  • Experience assembling integrated project teams (IPT) to include engineering, compliance, privacy, Project Management Office (PMO), information assurance teams to drive efficiencies and identify risks early and often.
  • Develops and updates the System Security Plan and ensures compliance with higher level Component objectives.
  • Coordinates vulnerability and remediation scans for assigned systems and ensures systems are online for scans and updates.
  • Manages and controls changes to the system and assesses security impact of those changes.
  • Coordinates with external agencies and assists in the preparation of the ISA to ensure all external connections meet protection requirements and are documented in the Security Plan, Risk Assessment, and security operating procedures.
  • Collects, organizes, reviews, maintains, and approves all data and information required to ensure Certification and Accreditation (C&A) requirements are met for each test activity.
  • Documentation shall include applicable national, service and local security requirements, checklists, security plan, training plan, concept of operations, contingency plans, standard operating procedures, compliance checklist, source code evaluation and all other required information.

 

SOFT SKILLS:

  • Critical thinking, analytical thinking
  • Inherent experience with collaborating with cross-functional teams within the organization, and other offices to ensure the integration and compatibility of network solutions with other IT systems and applications.
  • Strong "solutions-oriented" and collaborative mindset to drive solutions and execution for the good of the mission and team.
  • Excellent written and verbal communication skills; ability to understand and effectively communicate technical concepts in a compelling, persuasive manner to non-technical persons.
  • Excellent ability to interact skillfully and diplomatically with numerous counterparts and build rapport, including contract stakeholders, government representatives and vendors.
  • Proven proficiency facilitating challenging conversations across all levels of the organization.
  • Solid goal-oriented thinking, while possessing the business acumen to align projects to business outcomes.
  • Flexibility and ability to swiftly adapt to a customer environment and positively integrate oneself.
  • Strong analytical, problem-solving, and decision-making capabilities, with a data-driven mindset
  • Team player with the ability to work in a fast-paced environment with a continuous process improvement culture
  • Demonstrated outstanding level of professionalism in providing project review support, including ability to exercise good judgment, discretion, tact, and diplomacy.
  • Sound business ethics, including the protection of proprietary and confidential information.

 

POSITION REQUIREMENTS

  • Must be a U.S. Citizen
  • IT Tier 3 security background investigation/clearance to match the designation of the system assigned.
  • At least 3 years performing information assurance audits, C&A and protective or corrective measures
  • ONE of the following three certifications:
    • Certified in Governance Risk and Compliance (CGRC/CAP)
    • Certified Cloud Security Professional (CCSP)
    • Systems Security Certified Practitioner (SSCP)
    • GIAC Security Essentials (GSEC)
    • CompTIA Cloud Plus (Cloud+)
    • CompTIA Security Plus (Security+)
    • CompTIA Advanced Security Practitioner (CASP+)

 

Pluses:

  • Currently supporting a DoD System
  • Previous experience supporting a DoD System
  • Possesses an active IT Tier 3 security background investigation/clearance

 


Tags: Audits C CASP+ CCSP CGRC Clearance Cloud Compliance CompTIA DoD Governance Government agency GSEC NIST Privacy Risk assessment RMF SSCP Strategy System Security Plan Vulnerabilities

Perks/benefits: Team events

Region: North America
Country: United States
