Information System Security Officer with Security Clearance
eTRANSERVICES
2024-09-21 04:41:22
San Antonio,
Texas,
United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
As an Information System Security Officer, you will play a critical role in ensuring the security posture of the organization's information systems. Your responsibilities include continuous coordination with cybersecurity personnel, meeting training and certification requirements, and enforcing cybersecurity policies and procedures. You will maintain situational awareness, initiate actions to improve or restore security postures, and implement protective measures for cybersecurity incidents. Ensuring that all users have the necessary security clearances and training, maintaining current and accessible cybersecurity documentation, and conducting regular security evaluations are also key aspects of this role. Additionally, you will ensure compliance with IAVM dissemination, reporting, and compliance procedures. You will tailor security controls to meet the specific needs of each system, considering data sensitivity, risk profiles, and categorization according to established frameworks. Creating continuous monitoring and assessment plans, developing and implementing incident response and recovery plans, and maintaining comprehensive RMF documentation are essential duties. As the Cybersecurity Specialist, you will be responsible for preparing and maintaining system security plans, security assessment reports, and other necessary documentation, with timelines for achieving RMF accreditation and authorization to operate (ATO) set after thorough assessments. Your efforts will ensure the robust protection and resilience of the organization's information systems. Certification, Education and Clearance Requirements: BA/BS in related field of study and 5+ years of experience working as an Information Systems Security Officer or related cybersecurity position.
Training and Certification: Meet the training and certification requirements of DA PAM 25-2-6 for IAM II.
Clearance Requirement: Possess and maintain a Secret level clearance for the duration of your time supporting the program. Position Duties: Continuous Coordination: Ensure continuous coordination with organizational cybersecurity personnel for systems that are demonstrated, tested, or fielded.
Operational Security Posture: Maintain the appropriate organizational operational security posture for assigned Army IS.
Situational Awareness: Maintain organizational situational awareness and initiate actions to improve or restore the cybersecurity posture of assigned Army IS.
Assist ISSMs: Assist the ISSMs in meeting their duties and responsibilities and initiate protective measures for cybersecurity incidents.
Policy Implementation: Implement and enforce assigned Army IS cybersecurity policies and procedures, as defined by cybersecurity-related documentation.
User Clearance and Training: Ensure users for Army ISs under the ISSO's purview have the requisite security clearances and access authorization and are aware of their cybersecurity responsibilities before being granted access to those systems. Ensure users receive initial and annual cybersecurity awareness training.
Protective Measures: In coordination with the ISSM, initiate protective or corrective measures when a cybersecurity incident or vulnerability is discovered or reported.
Documentation Management: Ensure Army IS cybersecurity-related documentation is current and accessible to properly authorized individuals.
IAVM Procedures: Ensure implementation of IAVM dissemination, reporting, and compliance procedures.
System Security Plans: Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
Security Evaluations: Review and evaluate the effects on security of system changes, including interfaces with other ISs, and document all changes.
Accreditation: Ensure that all ISs within their area of responsibility have received a current ATO. Additional Considerations: Monitoring and Assessment Plan: Experience with creation of a Continuous Monitoring and Assessment Plan is required.
Incident Response: Processes for incident response and recovery need to be developed and implemented.
Documentation: Comprehensive RMF documentation including System Security Plan, Security Assessment Report, Plan of Action and Milestones needs to be developed.
Roles and Responsibilities: Contracted personnel are responsible for preparing and maintaining RMF documentation.
Timeline: The timeline for achieving RMF accreditation and ATO will be set after a full assessment of each RMF.