Job Description:
The ISSO reviews Risk Management Framework (RMF) Assessment and Authorization documentation, standard operating procedures, policies, and security instructions for both networked and stand-alone computer systems, and provides oversight and guidance for multiple systems. Reports to a more-senior-level Project Manager. Position is on-site, with some telework potentially available as agreed upon by Government Customer.
Principal Duties and Responsibilities
- Cyber Security policy, procedures, and regulations to assist with identifying potential Cyber Security issues.
- Review/complete RMF packages to include System Categorizations, Security Plan, and Authorization Packages (A&A, Assess Only).
- Monitor, evaluate, and maintain systems and procedures to safeguard information systems, networks, and databases.
- Implement, enforce, communicate, and develop security policies or plans for data, software applications, hardware, telecommunications, and information systems security education/awareness programs.
- Establish and satisfy system-wide information security requirements based upon the analysis of user, policy, regulatory, and resource demands.
- Assist Organization Information System Owner in daily RMF duties.
- Prepare department and organization level specific reports as required by government or customer.
- Serve as liaison between department and other departments as well as with outside customers, regulatory personnel, etc.
- Prepare and deliver synchronization briefings and status updates to Government Customer(s).
- Monitor and determine system categorization in accordance with NIST SP 800-59, NIST SP 800-60, FIPS 199, and/or CNSSI 1253 (as applicable) in areas of Confidentiality, Integrity, and Availability (CIA) and coordinate approval.
- Assist in the development and maintenance of the RMF package as required. This includes updating/maintaining Enterprise Mission Assurance Support Service (eMASS) entries on all required and applicable RMF controls.
- Participate in teleconferences, working groups, and integrated product teams (e.g. Milestone Reviews, Configuration Management, etc.) as directed by the Government.
- Coordinate and collaborate with external stakeholders to enhance security posture.
- Monitor system changes through continuous monitoring practices to determine if changes to specific configurations require the implementation of, or modification to, existing, specialized solutions, such as Cross Domain Solution (CDS) or Host Based Security System (HBSS), etc.
- Develop Risk Assessment memorandums (RAMs) as required, with the scheduling and coordination of a Security Compliance Review.
- Maintain Plan of Action & Milestones (POA&M) as required, including updates involving IAVAs, STIGs, and Bulletins as they occur.
- Provide continuous monitoring subject matter expertise including technical analysis on assigned systems for system modifications, upgrades, system interoperability, and software configuration or baseline enhancements to determine compliance issues, schedule impacts, and impacts requiring modification to relevant documentation and accreditations.
- Analyze and evaluate process improvement issues concerning the application of evolving technologies, to assess any resulting impacts to the security posture of the system, and to identify potential mitigations that would allow application and integration of the technologies without compromise of the system’s security posture.
- Participate in various system life-cycle meetings, telecoms, and other forums that impact the program risk from a technical standpoint, or upon request by the Government Lead.
At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our “Family of Professionals!”
Required Experience
- Bachelor’s Degree in related field, or equivalent experience. Minimum of 3 related certifications may be used in place of related academic field.
- Minimum of 10 plus years of work-related experience.
- Ability to obtain/maintain a Secret security clearance; US citizenship required.
- DoD 8140 Information Assurance IAT/IAM level II certification.
- Experience supporting DoD RMF process.
- Ability to clearly present and communicate technical approaches and findings.
Preferred Qualifications
- Advanced degree preferred.
- Active Secret clearance.
- DoD 8140 IAT/IAM level III certification.
- Experience supporting Army Materiel Command RMF process.
- Experience supporting Other Army RMF Processes.
- Experience supporting Department of Defense RMF Processes.
Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.