Aerojet Rocketdyne
Senior Analyst, Security Information Systems Mgmt (ISSM) 1
Aerojet Rocketdyne, Camden, Arkansas, United States,
Job Title: Senior Security Analyst
Job ID: 10473
Job Location: Camden, AR
Job Schedule: 4/10 - 10 hours Monday - Thursday
TYPICAL RESPONSIBILITIES
This Security classification assumes the responsibilities associated with the role of Information Systems Security Manager (ISSM). These positions oversee the development, implementation, evaluation, and certification and accreditation of classified information systems. and interface with management and maintain liaison with US Government information assurance oversight agencies and prime/subcontractors; interpret government and company policy to ensure compliance with Cognizant Security Agency (CSA) requirements for classified information systems and/or networks of varying complexity; provide information security guidance and direction to program and engineering management and end users which may include making recommendations on process tailoring; and establish and maintain required training and information security compliance deliverables. These positions are responsible for publicizing and submitting government Risk Management Framework (RMF) compliant, clear and effective written plans, procedures, and instructions; and sustaining compliance with all aspects of government approved plans throughout system and program life cycles. In order to establish and maintain strict program control, process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits may be required. May assist security management with the preparation of facility accreditation packages and site specific security plans; including but not limited to physical security requirements. May assist security management in the maintenance and accountability of electronic communication equipment and additional document control.
100% - Responsibilities of the ISSM include, but are not limited to:
Developing, maintaining, and overseeing the system security program and policies for their assigned facility or area of responsibilityEnsuring compliance with current government security policies, concepts, and measures when working with stakeholders to design and develop new systemsDeveloping and implementing an effective system security education, training, and awareness programMaintaining a working knowledge of system functions, security policies, technical security safeguards, and operational security measuresIdentifying and mitigating system vulnerabilities based on risk and impactDeveloping, maintaining, and updating Plans of Actions, and Milestones (POA&M) in order to identify system weaknesses, mitigation, and timelines for applying corrective actions.Certifying to government Authorizing Officials (AOs) that the requirements and procedures listed within the security plan are in accordance with contractually imposed regulations (NISPOM, NIST SP 800-53, DAAPM, JSIG, etc.)Ensuring systems are operated and maintained in accordance with the Security Plan and government issued Authorization to Operate (ATO)Ensuring audit records are collected and analyzedObtaining and maintaining NISP Enterprise Mission Assurance Support Service (eMASS), and/or applicable government system access, in order to effectively manage all security authorizations for systems under their purviewManaging, maintaining, and executing the continuous monitoring strategyConducting periodic assessments of systems and ensuing corrective actions are taken for all vulnerabilities and findings
A Bachelor's degree in an appropriate discipline and six (6) years of directly related experience, or equivalent combination of education and experience.
*DOD 8570.1 Certified (Level II or higher); Security+ or Certified Information Systems Security Professional (CISSP) or other applicable 8570.1 certifications required
Required Competencies
Knowledge of:
And experience with classified processing environments of varying complexityGovernment compliance, regulations, and standards (NISPOM, DAAPM, RMF, JSIG, NIST 800-53)Applicable regulations, practices and requirements of the government, customer, and the CompanySecurity requirements, clearances, and proceduresApplicable network, systems, hardware and software programsVarious communication protocolsGood decision-making and analytical skills
Job ID: 10473
Job Location: Camden, AR
Job Schedule: 4/10 - 10 hours Monday - Thursday
TYPICAL RESPONSIBILITIES
This Security classification assumes the responsibilities associated with the role of Information Systems Security Manager (ISSM). These positions oversee the development, implementation, evaluation, and certification and accreditation of classified information systems. and interface with management and maintain liaison with US Government information assurance oversight agencies and prime/subcontractors; interpret government and company policy to ensure compliance with Cognizant Security Agency (CSA) requirements for classified information systems and/or networks of varying complexity; provide information security guidance and direction to program and engineering management and end users which may include making recommendations on process tailoring; and establish and maintain required training and information security compliance deliverables. These positions are responsible for publicizing and submitting government Risk Management Framework (RMF) compliant, clear and effective written plans, procedures, and instructions; and sustaining compliance with all aspects of government approved plans throughout system and program life cycles. In order to establish and maintain strict program control, process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits may be required. May assist security management with the preparation of facility accreditation packages and site specific security plans; including but not limited to physical security requirements. May assist security management in the maintenance and accountability of electronic communication equipment and additional document control.
100% - Responsibilities of the ISSM include, but are not limited to:
Developing, maintaining, and overseeing the system security program and policies for their assigned facility or area of responsibilityEnsuring compliance with current government security policies, concepts, and measures when working with stakeholders to design and develop new systemsDeveloping and implementing an effective system security education, training, and awareness programMaintaining a working knowledge of system functions, security policies, technical security safeguards, and operational security measuresIdentifying and mitigating system vulnerabilities based on risk and impactDeveloping, maintaining, and updating Plans of Actions, and Milestones (POA&M) in order to identify system weaknesses, mitigation, and timelines for applying corrective actions.Certifying to government Authorizing Officials (AOs) that the requirements and procedures listed within the security plan are in accordance with contractually imposed regulations (NISPOM, NIST SP 800-53, DAAPM, JSIG, etc.)Ensuring systems are operated and maintained in accordance with the Security Plan and government issued Authorization to Operate (ATO)Ensuring audit records are collected and analyzedObtaining and maintaining NISP Enterprise Mission Assurance Support Service (eMASS), and/or applicable government system access, in order to effectively manage all security authorizations for systems under their purviewManaging, maintaining, and executing the continuous monitoring strategyConducting periodic assessments of systems and ensuing corrective actions are taken for all vulnerabilities and findings
A Bachelor's degree in an appropriate discipline and six (6) years of directly related experience, or equivalent combination of education and experience.
*DOD 8570.1 Certified (Level II or higher); Security+ or Certified Information Systems Security Professional (CISSP) or other applicable 8570.1 certifications required
Required Competencies
Knowledge of:
And experience with classified processing environments of varying complexityGovernment compliance, regulations, and standards (NISPOM, DAAPM, RMF, JSIG, NIST 800-53)Applicable regulations, practices and requirements of the government, customer, and the CompanySecurity requirements, clearances, and proceduresApplicable network, systems, hardware and software programsVarious communication protocolsGood decision-making and analytical skills