INFORMATION SYSTEM SECURITY OFFICER

ICF is hiring a clearedInformation Systems Security Officer. This is a fulltime onsite position located at Aberdeen Proving Ground MD. Join us in support of the ArmyProgram Executive Office Intelligence Electronic Warfare and Sensors to assess cybersecurity risks evaluate and test security controls and recommend solutions to enhance the organizations security posture. The role includes reporting findings to management overseeing remediation efforts and potentially leading technical audit teams to assess the effectiveness of cybersecurity governance tools and operations.

Key Responsibilities

• Perform all ISSO duties and responsibilities in DODI 8500.01 DODI 8510.01 and AR 252.

• Responsible for ensuring the appropriate operational security posture is maintained for the information system (IS) on multiple security domains and classification to met Intelligence Community (IC) DoD and Army cybersecurity/information assurance regulations and policies. This includes providing guidance and oversight to vendors and/or the

• Develops reviews evaluates and verifies selftesting results to validate enclave security requirements in accordance with applicable Intelligence Community DoD and Army cybersecurity and Information Assurance (IA) regulations policies and organizational security policies) in Information Systems (ISs) are met. ISs includes Cross Domain Solution Suites (CDSS) Cloud OnPrem Tactical etc. within the programs portfolio.

• Ensure the appropriate organizational operational security posture is maintained for the assigned Army IS.

• Maintain organizational situational awareness and initiate actions to improve or restore cybersecurity posture of assigned IS.

• Implement and enforce assigned Army IS cybersecurity policies and procedures as defined by cybersecurityrelated documentation.

• Ensure Army IS cybersecurityrelated documentation is current and accessible to properly authorized individuals. Prepare distribute and maintain plans instructions and SOPs concerning system security.

• Prepare and maintain Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using the eMASS XACTA or other approved A&A tool to include: System Security Plans Risk Assessment Reports System Requirements Traceability Matrices (SCTM) and other documentation as required by ICD 503 NIST 80053 CNSSI 1254 and any additional documentation as determined by the Authorizing Official (AO). Direct experience with eMASS XACTA or other A&A repositories required.

• Review unit or product vendor RMF BOE and provide guidance and oversight.

• Fully understand DISA Port Protocol and Services Management (PPSM) requirements and able to obtain PPSM account for management of PPSM for supporting systems.

• Must be willing to travel as needed 25%.

Basic Qualifications

• Bachelors Degree plus 7or more years of directly related experience; or MS degree plus 5or more years of directly related experience.

• Degree must be in Computer Science or a related field (e.g. General Engineering Computer Engineering Electrical Engineering Systems Engineering Cyber SecurityInformation Technology Information Security and Information Systems).

• Active High Level security clearance with SCI and Poly

Additional Required Qualifications

• Primary Certifications DoDI 8570.01 Requirement IAM II certification one or more of the followingrequired: CompTIA Advanced Security Practitioner (CASP) Certified Information Security Manager (CISM) Certified InformationSystems Security Professional (CISSP or Associate)CompTIA Advanced Security Practitioner CASP CE GIAC Security Leadership (GSLC) Certified Chief Information Security Officer (CCISO) Healthcare Security Certification (HCISPP)

• Must also have Linux Certification.

Additional Skills/Experience

• Direct experience with implementation of DODI8500 DODI8510 ICD 503 NIST 80053 CNSSI 1253 Army AR 252 and RMF security control requirements and able to provide technical direction interpretation and alternatives for security control compliance.

• Relevant experience must be in computer or information systems design/development and with information assurance and accreditation processes (e.g. System Security Plans Risk Assessment Reports Certification and Accreditation Packages and System Requirements Traceability Matrices).

#clearance

#LLIC1

#Indeed

#apg

Working at ICF

Pay Range There are multiple factors that are considered in determining final pay for a position including but not limited to relevant work experience skills certifications and competencies that align to the specified role geographic location education and certifications as well as contract provisions regarding labor categories that are specific to the position.

The pay range for this position based on fulltime employment is: