Job Title: Information Systems Security Officer (ISSO)
Top Secret Clearance Required
Location: Tempe, Arizona
Job Type: Direct Hire
Job Description
Keeping our systems, technology, and employees safe is a key priority for our client. As a member of the Information Assurance team, you will focus on the day-to-day information system security requirements, serve as a Subject Matter Expert (SME) in the Information Assurance realm, and provide innovative solutions to complex problems.
The Day-to-Day
- Work independently as well as with a team of Information Assurance Professionals.
- Responsible for ensuring Information System Compliance with the potential to span multiple business areas or programs.
- Assess, document, and recommend controls based on a thorough understanding of RMF, NISPOM, and other NISP regulatory requirements; determine which controls are applicable to the application; and document their implementation in the Security Controls Traceability Matrix (SCTM).
- Document compliance actions within the approved automated compliance tracking system or develop a Plan of Actions and Milestones (POA&M) to address non-compliance.
- Participate in internal/external security audits/inspections; perform risk assessments and continuous monitoring.
- Ensure systems are operated, maintained, and disposed of in accordance with the governing authority approved authorization package and customer directives.
- Develop procedures and documentation to ensure compliance with Configuration Management (CM) for security-relevant IS software, hardware, and firmware.
- Ensure proper protection and/or corrective measures have been taken when an incident or vulnerability has been discovered. Follow up to ensure completion and quality resolution.
- Assess and revise policies and procedures as needed to improve the quality, timeliness, and efficiency of work.
What You'll Need
- Bachelor’s degree or equivalent experience.
- 3+ years as an Information System Security Officer (ISSO) in a DoD, IC, or other industrial security program, with an in-depth understanding of DoD 8500 series, NIST 800 series, ICD 503, and the Joint Special Access Program Implementation Guide (JSIG), along with an overall understanding of the DoD Risk Management Framework (RMF) process.
- Experience working with vulnerability and compliance scanning tools (e.g., Nessus, SCAP, ACAS).
- Familiarity with network technologies (LAN & WAN) and best practices within a classified environment, including crypto and key management.
- Working knowledge of Microsoft Windows operating systems (workstation & server), Linux, and system virtualization in a secure network environment.
- Strong written communication and organizational skills.
- Interpersonal skills to deal courteously and effectively with a diverse group of individuals.
- Ability to work well under pressure, with advanced problem-solving skills.
- Possess a current DoD 8570.1/DoD 8140.01 Certification – Security+ CE at a minimum.
- Active Top Secret Security Clearance with SCI eligibility.