COLSA

Information System Security Officer (ISSO)/RMF Analyst

COLSA Fort Belvoir, VA
No longer accepting applications

Job Description

ISSO reviews and creates Risk Management Framework (RMF) Certification and Accreditation documentation, standard operating procedures, policies, and security instructions for both networked and stand-alone computer systems and provides oversight and guidance to the development program office for multiple Platform IT systems. This position is onsite at Fort Eustis, VA.

Principal Duties And Responsibilities

  • Cyber Security policy, procedures, and regulations to assist with identifying potential Cyber Security issues.
  • Work within a Program Office to support Assessment and Authorization (A&A) for Platform IT (PIT) systems during the acquisition process to include identifying cybersecurity requirements.
  • Review/complete RMF packages to include System Categorizations, Security Plan, and Authorization Packages (A&A, Assess Only, Type Authorization).
  • Assist with updating or creating Contract Data Requirement Lists (CDRL), Performance Work Statements (PWS), and other procurement artifacts to ensure they contain the appropriate cybersecurity requirements to be met by system developers.
  • Assist the program office during execution of System Requirements Review (SRR), System Design Review (SDR), Preliminary Design Review (PDR), and Critical Design Review (CDR) to ensure that cybersecurity requirements are included and satisfied by system developers.
  • Review and assist with developing fielding guides for addressing implementation of cybersecurity requirements when systems are sent from the program office to the gaining organization.
  • Monitor, evaluate, and maintain systems and procedures to safeguard information systems, networks, and databases.
  • Develop, implement, enforce, and communicate security policies or plans for data, software applications, hardware, telecommunications, and information systems security education / awareness programs.
  • Establish and satisfy system-wide information security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  • Assist Information System Security Manager and System Owner in daily RMF duties.
  • Prepare department specific reports as required by government or customer.
  • Serve as liaison between department and other departments as well as with outside customers, regulatory personnel, etc.
  • Create and maintain enterprise Mission Assurance Support System (eMASS) records.
  • Create or maintain a variety of DOD, Army, and RMF documentation, including but not limited to Security Plans (SP), Configuration Management Plans (CMP), Incident Response Plans (IRP), Contingency Plans (CP), Access Control Policies, Authorization Boundary Diagrams, and other Assessment & Authorization (A&A) artifacts.
  • Identify the correct applicable Security Technical Implementation Guide (STIG) and Security Requirements Guides (SRG) for technologies used with systems.
  • Identify and properly document deviations, vulnerabilities, and mitigations on the system Plan of Actions and Milestones (POA&M).
  • Use a variety of cybersecurity tools that include, but are not limited to, enterprise Mission Assurance Support System (eMASS), Security Content Automation Protocol (SCAP) Compliance Checker (SCC), Assured Compliance Assessment Solution (ACAS) Nessus Vulnerability Scanner, Evaluate-STIG, eMASSter, DISA STIG Viewer, etc.

At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our “Family of Professionals!” Learn about our employee-centric culture and benefits.

Required Experience

Required Qualifications

One of the following combinations of education/experience:

  • Associate's degree in related field and 12 years of related experience OR
  • Bachelor's degree in related field and 8 years of related experience OR
  • Master's degree in related field and 6 years of related experience
  • Minimum of 3 related certifications may be used in place of unrelated degree field.
  • Strong knowledge base preferred in the areas of: real-time security situational awareness, operational network systems, and security monitoring
  • Ability to clearly present and communicate technical approaches and findings
  • Current CAP, CASP, CISM, or CISSP certification
  • Must have a minimum of a Secret Security Clearance with the ability to obtain a TS/SCI clearance

Preferred Qualifications

  • Bachelor's degree or higher in related field
  • Experience supporting the Army RMF process
  • Experience supporting DoD RMF processes
  • Experience supporting USASOAC entities
  • Active TS/SCI clearance

Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Defense and Space Manufacturing
