Armada Ltd

Senior Information Systems Security Officer (ISSO)

Armada Ltd, Washington, District of Columbia, US, 20022


4251 Suitland Rd, Washington, DC 20395, USA

Location: National Maritime Intelligence Center, Washington, DC

Overtime Exempt: Yes

Reports To: ARMADA HQ

Security Clearance Required: Active Top Secret

*** CONTINGENT UPON AWARD ***

Duties & Responsibilities:

The Information Systems Security Officer (ISSO) shall coordinate and support the security components of the NAVINTEL ICD 503 Risk Management Framework (RMF) Implementation Policies/Directives and Dept. of Navy (DON) Cyber Security Policies/Directives.

The ISSO shall perform automated security scans, using automated tools such as Assured Compliance Assessment Solution (ACAS), Center for Internet Security (CIS) Benchmark, Security Content Automation Protocol (SCAP), and Retina. Analyze scan results, and document findings for products as required to successfully complete Collateral and SCI-level security certification testing and evaluation (ST&E) as appropriate for the ISSO.

The ISSO shall perform ISSO responsibilities per SECNAV M-5239.2, which includes serving as the primary point of contact for matters on cyber security relating to assigned systems, reviewing audit trail logs and scans, ensuring systems are maintained per security policies and procedures, and maintaining compliance and reporting weekly findings to Vulnerability Remediation Asset Management (VRAM).

The ISSO shall conduct research and testing to ensure existing and evolving products/services meet current Office of the Director of National Intelligence (ODNI), DIA, DoD, DoN, DISA, NGA and local authority's security requirements as appropriate.

The ISSO shall document results of security requirements analysis, evaluations, alternatives analysis, risk assessments, and other security-related activities performed in support of project tasks and as tasked for approved project requirements.

The ISSO shall document and execute a plan for each system to achieve authorization to renew such authorization.

Collaborate with information system owners and the engineering team to produce the body of evidence necessary to move through each step of the RMF process, successfully satisfy an independent control assessment and obtain Authorization to Operate (ATO).

The Information Systems Security Officer shall prepare Security documentation in support of project tasks and as tasked for approved project requirements, which support successful completion of Collateral and/or SCI-level security testing and evaluation (ST&E) appropriate for the product.

The ISSO shall coordinate activities with NIA and DISA offices to determine and refine certification testing and documentation requirements that impact products and services, in reference to achieve Certification to Field.

The ISSO shall manage systems accreditation processes, using eMASS for NIPR and SIPR systems, and Xacta for JWICS systems. Following the RMF process, the ISSO will be required to update and maintain system documentation, update controls, track any Plan of Actions and Milestones (POA&M) items, work with Hopper ISC's Configuration Management (CM) group to register software with DADMS, submit boundary control requests (BCRs) for Ports, Protocols and Services (PPSM), and ensure DITPR system registration is complete within the deadline.

The ISSO shall monitor and report any IA-relevant issues, including vulnerabilities, exploits, policy changes and best practices.

The ISSO shall monitor all A&A Security activities, in accordance with the ICD 503 (RMF) process.

The various security activities include, but are not limited to:

- Security testing, documentation, and reporting activities.
- Liaison with external organizations necessary to complete product certification tests, site certifications and temporary certifications for testing and exercise.
- Develop and maintain ISC-specific Certification Test Division plans, processes and procedures.
- Establish and update security elements in the master schedule.
- Provide input to project teams during requirements creation, definition, and tracking activities.
- Perform security "pre-look" scans and testing of prospective new products and report findings.
- Keep abreast of DISA system configuration and testing guidelines and update practices and procedures as appropriate to incorporate changes.
- Prepare Security Analysis Memorandums for originating developers if applicable.
- Register, develop, verify, validate, document, and test the required A&A documentation, procedures, and policies required for the information systems produced and deployed within the Government's systems and applications and across NAVINTEL.

The ISSO shall provide assessment and authorization requirements and documents shall be prepared IAW NAVINTEL ICD 503, DoD, and DISA security requirements as applicable for the system undergoing assessment/certification.

The ISSO shall prepare technical and miscellaneous reports to document progress and key decisions and provide reports with current status of tasks.

The ISSO shall coordinate with the Government to define and produce system certification and accreditation documents.

The A&A documentation required for accreditation shall be compliant with the requirements stated in the ICD 503 and shall follow the direction and guidance provided in the Designated Accrediting Authority (DAA) or Designated Authorizing Official-approved assessment and authorization process.

The ISSO shall provide the list of security documents and materials contained in Attachment 1 (Certification and Accreditation Checklist) will also be required. Changes to security authorization and policy may alter these requirements in the future.

The ISSO shall coordinate with Hopper ISC Project Managers (when necessary) and Maritime Intelligence Element (MIE) Product Owner during project planning and execution activities. Provide input to project plans and project status in accordance with documented processes. Manage, monitor, and mitigate risks during project execution.

The ISSO shall ensure scheduled milestones are met, and when they cannot be, immediately inform and work with the Information System Security Manager (ISSM), the Product Owner and the Government to discuss schedule impacts.

The ISSO shall keep the Product Owner, TPOC and the Government apprised of the status of all technical activities and immediately alert whenever impacts to cost and schedule are anticipated.

The ISSO shall provide a weekly activity report (WAR) to the Contracting Office Representative (COR) and TPOC via the Government.

The ISSO shall provide a monthly financial report to the MIE Product Owner and the COR and shall brief a Program Management Report (PMR) of work completed from the previous month based on cost, schedule and performance.

The ISSO shall attend project and information assurance policy implementation meetings and briefings, and develop, provide, and deliver technical, operator, and customer training and briefings to all audience levels.

The ISSO shall keep abreast of DoD, DISA, and DoN system configuration and testing guidelines and update practices and procedures as appropriate in incorporating changes.

Bachelor's degree in a technical subject.

Minimum 7 years' experience.

Disclaimer:

The above information has been designed to indicate the general nature and level of work to be performed. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of the contractor assigned to this position.
