|Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level. |
The ISSO is the principal point of contact for information assurance activities at the IT system level. The ISSO is responsible for ensuring that management; operational and technical controls for securing either National Security Systems or SBU level IT Systems are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
1. Must develop and implement documentation outlining system operating environment, to include the overall mission, floor layout, hardware configuration, software, type of information processed, user organizations and security clearances, operating mode, interconnections to other systems/networks of users, their security personnel, and associated responsibilities;
2. Must understand software development lifecycle fundamentals and provide appropriate information security guidance to system owners of major applications and development environments
3. Must be familiar with development applications and development environments and understand risks and vulnerabilities as it relates to information security
4. Assist in the development of the overall system security document, the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance;
5. Participate in the development or revision of System-specific security safeguards and local operating procedures that are based on the above regulations;
6. Provide IT security consulting to system owners as to the other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans; and
7. Provide expertise in classified and unclassified ratings to customers.
8. Work closely with Certifiers to navigate the TSA Certification & Accreditation process and produce all appropriate accreditation documentation.
Must possess 5 years of related security experience. Bachelor's Degree preferred. Must possess experience with FIPS 199 and NIST standards. It is preferred that this person be a current Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or possess a similar security professional certification. Strong relevant experience and education can substitute for these certifications.
Strong communication, interpersonal and client-facing skills required.