Donatech
Information System Security Officer (ISSO)
Donatech, Nashua, New Hampshire, us, 03062
Position would require the candidate to be a W2 employee of Donatech.US Citizenship Required.Active Secret Clearance Required.
Responsible for supporting adherence to all aspects of a rigorous Risk Management Framework (RMF) compliance program as stipulated by NISPOM/DAAPM, JSIG, ICD 503, STIGs and associated NIST publications. This position will work with the Information System Security Manager (ISSM) to maintain Authority to Operate (ATO) approvals for various systems by adhering to the Risk Management Framework (RMF). This position supports cybersecurity efforts throughout the RMF process for one or more assigned programs(s) to include the enforcement of System Security Plans, Plans of Action and Milestones (POA&Ms), assessing and auditing systems security controls. Because of the need for consistent, in-person collaboration and/or the requirement to perform all work onsite due to the nature of this particular role, it will be performed full-time on site. This means work will be conducted on location at a client facility 100% of the time. Uses computer forensic tools to investigate security incidents. Contains and removes classified data spillage from unclassified systems. Develops procedures to scan portable information systems such as laptops and personal data assistants for use in classified areas and instructs owners of such devices in the correct procedures of using in classified areas. Performs random inspections of these devices and makes judgments as to whether they contain classified information. Conducts Information Systems Security briefings. Prepares security documentation. Develops Information Systems Security databases. If assigned to communications security (COMSEC) oversees COMSEC programs supporting DoD, SAP and SCI programs. Interprets, implements and enforces government and company COMSEC policies and procedures. Coordinates efforts to ensure operability of all COMSEC systems. Responsible for installation, troubleshooting and documentation of secure phones, STU-IIIs, STEs, NES, other controlled cryptographic items, VTCs, modems and faxes. Provides training to employees in the use and protection of cryptographic keying material and equipment. Is the technical point of contact for new communications network projects, upgrades and installs. Participates in secure communications planning meetings and deployment readiness reviews. Coordinates efforts to complete secure communications projects on schedule. Briefs and debriefs COMSEC personnel and sends and receives secure messages. Participates in both internal and external (customer) COMSEC audits • IAM Level I certification commensurate with DoD 8570.1M requirements (or ability to obtain certification within 6 months) • High level of personal motivation and initiative to learn and acquire new skills, and adapt seamlessly to an ever-changing security environment • Customer focused, excellent communicator and ability to work with limited supervision. • Strong organizational skills • Able to interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), IT, and program personnel. • Support the ISSM to ensure all security certification and accreditation documents in relation to assigned systems are up-to-date. • Ensure continuous monitoring (e.g. weekly, monthly, etc.) in accordance with applicable security control standards are being implemented and met. • Advanced understanding of computer networks, operations systems, and computer functions. • Coursework in a technical discipline (i.e. programming/scripting, systems administration, cybersecurity/information assurance, etc.) • IAM Level I certification commensurate with DoD 8570.1M requirements (or ability to obtain certification within 6 months) • Bachelor's Degree and 4 years work experience in a related field or 8 years of experience in a related field in lieu of degree
Responsible for supporting adherence to all aspects of a rigorous Risk Management Framework (RMF) compliance program as stipulated by NISPOM/DAAPM, JSIG, ICD 503, STIGs and associated NIST publications. This position will work with the Information System Security Manager (ISSM) to maintain Authority to Operate (ATO) approvals for various systems by adhering to the Risk Management Framework (RMF). This position supports cybersecurity efforts throughout the RMF process for one or more assigned programs(s) to include the enforcement of System Security Plans, Plans of Action and Milestones (POA&Ms), assessing and auditing systems security controls. Because of the need for consistent, in-person collaboration and/or the requirement to perform all work onsite due to the nature of this particular role, it will be performed full-time on site. This means work will be conducted on location at a client facility 100% of the time. Uses computer forensic tools to investigate security incidents. Contains and removes classified data spillage from unclassified systems. Develops procedures to scan portable information systems such as laptops and personal data assistants for use in classified areas and instructs owners of such devices in the correct procedures of using in classified areas. Performs random inspections of these devices and makes judgments as to whether they contain classified information. Conducts Information Systems Security briefings. Prepares security documentation. Develops Information Systems Security databases. If assigned to communications security (COMSEC) oversees COMSEC programs supporting DoD, SAP and SCI programs. Interprets, implements and enforces government and company COMSEC policies and procedures. Coordinates efforts to ensure operability of all COMSEC systems. Responsible for installation, troubleshooting and documentation of secure phones, STU-IIIs, STEs, NES, other controlled cryptographic items, VTCs, modems and faxes. Provides training to employees in the use and protection of cryptographic keying material and equipment. Is the technical point of contact for new communications network projects, upgrades and installs. Participates in secure communications planning meetings and deployment readiness reviews. Coordinates efforts to complete secure communications projects on schedule. Briefs and debriefs COMSEC personnel and sends and receives secure messages. Participates in both internal and external (customer) COMSEC audits • IAM Level I certification commensurate with DoD 8570.1M requirements (or ability to obtain certification within 6 months) • High level of personal motivation and initiative to learn and acquire new skills, and adapt seamlessly to an ever-changing security environment • Customer focused, excellent communicator and ability to work with limited supervision. • Strong organizational skills • Able to interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), IT, and program personnel. • Support the ISSM to ensure all security certification and accreditation documents in relation to assigned systems are up-to-date. • Ensure continuous monitoring (e.g. weekly, monthly, etc.) in accordance with applicable security control standards are being implemented and met. • Advanced understanding of computer networks, operations systems, and computer functions. • Coursework in a technical discipline (i.e. programming/scripting, systems administration, cybersecurity/information assurance, etc.) • IAM Level I certification commensurate with DoD 8570.1M requirements (or ability to obtain certification within 6 months) • Bachelor's Degree and 4 years work experience in a related field or 8 years of experience in a related field in lieu of degree