UIC Government Services and the Bowhead Family of Companies
Sr. Information Systems Security Specialist
UIC Government Services and the Bowhead Family of Companies, Alexandria, Virginia, 22350
Overview SR. INFORMATION SYSTEM SECURITY OFFER (HITS-R): Bowhead seeks a Sr. Information System Security Officer to support the High Performance Computing Modernization Program (HPCMP) Integrated Technical Services -Restricted (HITS-R) contract located in Fort Belvoir, VA. Bowhead will provide the High Performance Computing Modernization Program (HPCMP) with technical and professional support elements required for the operation of the HPCMP Office (HPCMPO) in all phases of planning and execution of its mission, including: technical and administrative support in all areas of program activity, program management support, meeting facilities and office environment, to include a complete telecommunications and computer systems capability and full logistical services. Responsibilities • Assist the ISSMs in meeting their duties and responsibilities. • Implement and enforce all DoD IS cybersecurity policies and procedures, as defined by cybersecurity-related documentation to include the Risk Management Framework (RMF) and applicable overlays. • Ensure that all users have the requisite security clearances and access authorization, and are aware of their cybersecurity responsibilities for DoD IS systems under their purview before being granted access to those systems and according to the agreed upon Service Level Agreements (SLA). • In coordination with the respective ISSMs, initiate protective or corrective measures when a cybersecurity incident or vulnerability is discovered and ensure process is in place for authorized users to report all cybersecurity-related events and potential threats and vulnerabilities to the ISSO. • Ensure that all DoD IS cybersecurity-related documentation is current and accessible to properly authorized individuals. • Develop procedures to ensure system users are aware of their CS responsibilities before granting access to DoD information Systems. Process and review DD-2875s. • Support Risk Management Framework (RMF) system categorization process and memorandum for Confidentiality, Integrity, and Availability impact level determinations • Ensure that CS requirements are integrated into the Continuity of Operations Plan (COOP) for that system or DoD Component. • Ensure that CS security requirements are appropriately identified in computer environment operation procedures. • Develop security requirements and maintain list of hardware, software, and services acquisitions specific to CS security programs. • Ensure that IA and IA enabled software, hardware, and firmware comply with appropriate security configuration guidelines, policies, and procedures. • Create and review System Security Plans (SSP), as required • Prepare for Assess and Authorize (A&A) and Security Control Assessor (SCA) validations and/or inspections and ensure that CS inspections, tests, and reviews are coordinated. • Prepare and maintain documents and artifacts for the Assess and Authorize (A&A), Authority to Connect (ATC), Assess Only (AO), Interim Authority to Test (IATT) and Security Control Assessor-Validator (SCA-V) inspections and ensure that CS inspections, tests, and reviews are implemented. • Evaluate the presence and adequacy of security measures proposed or provided in response to requirements contained in HPCMP program documents. • Advise the Authorizing Official/Authorizing Official Designated Representative and Security Control Assessor (SCA) of any changes affecting the enclave's CS risk level and security posture. • Ensure IAT Levels I - III, IAM Levels I and II, and anyone with privileged access performing IA functions receive the necessary initial and sustaining CS training and certification(s) to carry out their CS duties. Ensure that the Program's supported users receive initial and annual CS Awareness training by verifying completion in ATCTS. • Analyze identified security strategies and recommend the best approach or practice for the enclave. • Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed. • Monitor and evaluate the effectiveness of the enclaves' CS security procedures and safeguards to ensure they provide the intended level of protection. • Ensure that implementation and verification of compliance with the command's or organization's SOP address the reporting of security violations and incidents to the servicing Cybersecurity Service Provider (CSSP). • Evaluate and approve development efforts follow the Interim Authority to Test (IATT) and/or the Assess Only process to ensure that baseline security safeguards are appropriately installed and mitigated. Qualifications BA/S in Computer Science, Information Systems, Engineering, Business, or other related field is required. A combination of experience and education may be accepted in lieu of degree. Four years (4) of relevant technical experience is required. Intermediate-to-advanced level skills in Microsoft Office software suite Word, Excel, Outlook, and PowerPoint. Ability to communicate effectively with all levels of employees and outside contacts. Strong interpersonal skills and good judgment with the ability to work alone or as part of a team. Physical Demands: • Must be able to lift up to 25 pounds • Must be able to stand and walk for prolonged amounts of time • Must be able to twist, bend, and squat periodically SECURITY CLEARANCE REQUIREMENTS: Must currently hold a security clearance at the Top Secret level, may be required to obtain a Top Secret/SCI clearance upon hire. US Citizenship is a requirement for Top Secret clearance at this location. LI-KC1 Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC’s Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant’s resume/application may be subject to verification. Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes. UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. Please view Equal Employment Opportunity Posters provided by OFCCPhere (https://www.dol.gov/agencies/ofccp/posters) . All candidates must apply online at www.uicalaska.com, and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance (https://uicalaska.com/careers/recruitment/). The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c) UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Springfield, VA, we are a fast-growing, multi-million-dollar company recognized as a top Alaska Native Corporation providing services across the Department of Defense and many federal agencies. Bowhead offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short/long-term disability, and 401(k) retirement plans as well as a paid time off programs for eligible full-time employees. Eligible part-time employees are able to participate in the 401(k) retirement plans and state or contract required paid time off programs. Join our Talent Community Join our Talent Community (https://talentconnect.uicalaska.com/government-services/talentcommunity) to receive updates on new opportunities and future events. ID 2024-21727 Category Cybersecurity/Information Security Location : Location US-VA-Alexandria Clearance Level Must Be Able to Obtain Top Secret Minimum Clearance Required Top Secret Travel Requirement N/A