INFORMATION SYSTEM SECURITY OFFICER (ISSO) III (Req 25 066)

Responsibilities: Assists the Information System Security Managers (ISSM) in executing their duties and responsibilities. Ensures compliance with all cybersecurity policies. Ensures relevant Cybersecurity (CS) policy and procedural documentation is current and accessible to properly authorized individuals. Coordinates cybersecurity processes and activities for assigned systems. Maintains and reports Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers Information System Owners and ISSMs. Provides oversight of Security Plans for assigned systems throughout their lifecycle. Manages and maintains Plan of Actions and Milestones (POA&M) ensuring vulnerabilities are properly tracked mitigated and where possible remediated. Assists with the identification of security control baselines and applicable overlays. Coordinates the validation of security controls with Navy Qualified Validators (NQV). Performs Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews. Adjudicates findings from Package Submitting Officer (PSO). Registers and maintains systems in Enterprise Mission Assurance Support Service (eMASS). Plans and coordinates security control testing during Risk Assessments and Annual Security Reviews. Reports changes in system security posture to the ISSM. Ensures the execution of Continuous Monitoring related requirements as defined in the System Level Continuous Monitoring (SLCM) Strategy. Reviews all data produced by Continuous Monitoring activities updates the eMASS record as necessary and escalates to leadership for action if required. Correlates findings from non-RMF vulnerability assessments penetration testing Command Cyber Operational Readiness Inspection (CCORI) etc.) to RMF controls for tracking ensuring a holistic risk assessment. Participates in change control and configuration management processes. Maintains vulnerability data in Vulnerability Remediation Asset Manager (VRAM).

Education: Bachelors degree in computer science information technology communications systems management or an equivalent science technology engineering & mathematics (STEM) degree from an accredited institution as recognized by the U.S. Department of Education

Experience: Six (6) years of DoD experience coordinating and enacting required security changes within various levels of an organization ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and support cyber incident response

by isolating potentially effected assets initial investigation and data collection through status updates/reporting.

Minimum Certification Requirement: CAP CASP CE CISM CISSP (or Associate) GSLC CCISO or HCISPP is required.

Other: An Active Secret Security Clearance is required.

Benefits Information: We offer a generous benefits package including a 401k with employer match. Full time employees are also eligible for family medical dental and vision benefits; as well as ancillary benefits including life and accidental death and dismemberment insurance; short- and long-term disability; flexible spending accounts; long-term care insurance; and accident hospital and critical illness insurance. Full-time employees are also eligible for 2 weeks vacation leave accrual per year (this accrual increase as tenure with company increases) 7 days sick leave and 11 paid holidays with additional leave time available for bereavement jury duty and military training days throughout the year.