This job is closed
We regret to inform you that the job you were interested in has been closed. Although this specific position is no longer available, we encourage you to continue exploring other opportunities on our job board.
People, Technology And Processes - Montgomery, AL
posted 2 months ago
About the position
The Information Assurance III (ISSO) position at Maxwell/Gunter Airforce Base, AL, is responsible for ensuring the security and compliance of classified information systems. The role involves assessing cybersecurity risks, implementing security measures, and maintaining compliance with government standards. The ISSO will manage a team to facilitate the execution of the Risk Management Framework (RMF) and will be involved in various security assessments and audits to protect sensitive information.
Responsibilities
- Prior experience as an Information System Security Officer (ISSO) or Information System Security Manager (ISSM) supporting classified programs.
- Assess and document test or analysis data to show cybersecurity compliance.
- Perform security analysis of operational and development environments, threats, vulnerabilities, and internal interfaces to define and assess compliance with accepted industry and government standards.
- Implement the Assessment and Authorization (A&A) processes under the Risk Managed Framework (RMF) for new and existing information systems.
- Maintain a current authorization to operate (ATO) and approval to connect (ATC) if required, and implement corrective actions identified in the plan of action and milestones.
- Facilitate development of Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), and Risk Acceptance Letters.
- Develop an Information System Continuous Monitoring (ISCM) strategy and monitor any proposed or actual changes to the system and its environment to maintain compliance.
- Audit systems to ensure security posture integrity.
- Conduct assessments and test/analysis data to document state of compliance with security requirements.
- Conduct risk assessments and investigations, recommend implementation of risk mitigations, and coordinate incident response activities.
- Conduct periodic hardware/software inventory assessments.
- Supervise the development and deployment of program information security for all program systems to meet the program and enterprise requirements, policies, standards, guidelines, and procedures.
- Manage assigned team to facilitate effective execution of Risk Management Framework (RMF).
- Coordinate and participate in security assessments and audits.
- Prepare, review, and present technical reports and briefings.
- Register, maintain, verify, submit exceptions, conduct annual review, or decommission systems ports, protocols, and services (PPS) as necessary to ensure compliance with the DoD PPS Category Assurance List (CAL) and DoD PPS Vulnerability Assessment reports.
Requirements
- High School diploma or GED.
- 5+ years of experience with DoD cybersecurity policies and implementation of Risk Management Framework (RMF): e.g. NIST SP 800 series, CNSSI 1253.
- Must possess a Top Secret Clearance with SCI eligibility.
- Certification Authorization Professional (CAP) AND DISA ACAS Supervisor and Operator Course AND DISA Enterprise Mission Assurance Support Service (eMASS) AND (CISSP OR CISM).
- 3+ years of experience in utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include: NESSUS, ACAS, DISA STIGs, Audit Tools, ESS, eMASS, PPS.
