Information Systems Security Officer |
| Salary Range: | TBD |
| Benefits: | Full Benefits |
| Employment Type: | Full Time |
| Location: | Reston, VA |
| Description: | The NGA Information Assurance Services Program is looking for an experienced Information Systems Security Officer (ISSO) to work as a member of the Information Systems Security Team to provide guidance and support. The ISSO will provide continuous security operations and management support of the information systems at NGA sites. Major duties include review and approval of media requests, equipment, plans and orders; develop and conduct training; oversee compliance and perform audits; identify and resolve problems; perform site and user inspections for compliance; develop and review certification and accreditation packages; maintain, operate, manage and propose changes to automated systems; monitor and archive weekly audit logs; and review and coordinate requests and laptop approvals. Day-to-day activities include: |
| Duties: | - Develop, write and maintain a formal information systems security program that includes all applicable security documentation including but not limited to system security plans (SSPs), System Security Authorization Agreements (SSAAs), network and system diagrams, equipment listings, and other applicable Information System (IS) documentation.
- Implement and enforce IS security policies.
- Transition BRAC systems to IAS Base Labor CLIN 0201, 0301, and 0401 under the Performance Work Statement (PWS) after accreditation of the transitioned BRAC systems.
- Propose and conduct periodic AIS security reviews to ensure compliance with the SSP.
- Ensure configuration management (CM) for security-relevant IS software, hardware, and firmware is documented, updated and maintained for the life of the system.
- Ensure the development of system certification documentation by reviewing and endorsing such documentation and recommending action to the DAA.
- Ensure approved procedures are in place for clearing, purging, declassifying, and releasing system memory, hard drives, backlighting, decommissioning of systems, media, and output.
- Maintain, as required by the Designated Accrediting Authority (DAA) and other regulatory guidance, a repository provided by NGA for all current and historic system certification documentation and modifications.
- Respond to security incidents, and investigate and report (to OCIO management, the DAA Representative and to local management) any security violations and incidents, as appropriate.
- Ensure proper protection or corrective measures have been taken in accordance with NGA instructions and SOPs for the appropriate functional area when an incident or vulnerability has been discovered within a system.
- Ensure development and implementation of procedures for authorizing the use of software, hardware, and firmware on the system as required in the C&A process.
- Ensure the development of system certification documentation by reviewing, testing and verifying such documentation and recommending action through to the DAA.
- Ensure approved procedures IAW IC and DoD destruction of IT equipment are in place for clearing, purging, declassifying, and releasing system memory, media, and output. This includes VA equipment as well as that of systems in the field.
|
| Qualifications: | Bachelor's degree in IT or related field preferred, plus two to four (2-4) years of related . Five to seven years' related/specialized experience is substitutable for education. Working knowledge of the Federal Information Systems Management Act (FISMA) and with FISMA, OMB, and DCID 6/3 guidelines for Certification and Accreditation of information systems, as well as those for FISMA and OMB reporting. Possess developed analytical, organizational, writing and interpersonal communication skills. Ability to communicate orally and in writing, gather, plan, analyze and present data and supporting analyses, and maintain good working relationships. Must have experience in dealing with database administration and web development.
Required Clearance: Top Secret Clearance
Desired Skills:
- Past experience as an Information Systems Security Officer (ISSO)
- Direct experience performing security engineering/system integration on NGA systems
- Experience with NGA or NRO (IMINT) Systems
- NGA ISSR/O certification
- Knowledge of the NGA Systems Development Lifecycle. |