RAND

Information Systems Security Officer (ISSO)

RAND, Pittsburgh, Pennsylvania, US, 15289


Job Type: Regular

The Information Systems Security Officer (ISSO) is responsible for providing compliance and oversight of all of RAND Corporation's Authorization and Accreditation (A&A) requirements, maintaining policies and procedures in accordance with the Defense Intelligence Agency (DIA), Defense Counterintelligence Security Agency (DCSA), Intelligence Community (IC), and other Department of Defense (DoD) regulations as applicable. Additionally, the position manages the Sensitive Compartmentalized Information (SCI) and Special Access Program (SAP) Information Systems (IS) to ensure that all classified IS remain accredited, executes required functions as defined by the IC, DoD and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) in support of the local Information Systems Security Manager (ISSM), Corporate ISSM, Manager, Security Operations, and Executive Director, Security & Classified Operations and Chief Security Officer, and provides services for individuals within the accredited systems.

Duties

- Implements, monitors and maintains RAND's Security Manual and procedures for DoD, IC and SAP programs and other applicable government sponsor regulations
- Enforces corporate policies to support ICDs, DAAPM, JSIG and other CI standards
- Enforces compliance with current Security Technical Implementation Guides (STIGs) for all applicable systems
- Interfaces with and supports clients in the operation and security of the classified systems
- Assists the ISSM in establishing, communicating, and improving the collateral and SCI/SAP Information Systems (IS) Security Program
- Responsible for the preparation and sustainment for internal self-inspections
- Assesses changes by performing periodic self-inspections, tests and reviews of the classified IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed
- Participates in the planning, installation, implementation, upgrade, problem determination and resolution involving software programs, operating systems, computers, printers, scanners, etc. for collateral and SCI/SAP systems. Provides budget requirements to the ISSM for the sustainment of the collateral SCI/SAP systems
- Ensures protocols are followed for the investigation(s) and resolution of security incidents
- Collaborates with the system and network administrators to ensure audit features are configured and enabled correctly
- Performs weekly audits and ensures administrative inquiries/investigations into anomalies found during audit trail analysis are reported to the ISSM for follow-on actions
- Develops and implements the System Security Plans (SSP) and addendums for the facility
- Performs other duties as assigned

Education

High school diploma or GED required. BS/BA degree preferred.

Experience

At least five years' experience in Information Technology (IT) in a classified environment or as an ISSM/ISSO in government/industrial security leading other security professionals required. At least six years' experience in Information Technology (IT) in a classified environment or as an ISSM/ISSO in government/industrial security leading other security professionals preferred.

Basic Qualifications

- Must have and maintain a DoD 8570.01-M (Information Assurance Workforce) IAM level 1 certification (e.g. Security+, GSLC, CISM, or CISSP)
- Experience working with federal/government agencies or defense contractors required
- Experience interfacing with DIA or other government representatives as the ISSM/ISSO
- Possesses working knowledge of the DoD, DISA, ICDs and associated IC security regulations, policies, STIGs and laws
- Possesses extensive working knowledge of multiple federal government network security processes and procedures
- Education in the fields of computer science or engineering for technical project managers
- Technical background with understanding or hands-on experience in software development and web technologies
- Organizational skills including attention to detail and multi-tasking skills
- Is familiar with encryption technologies, forensics, penetration and vulnerability analysis of various security technologies and information technology security research
- Possesses knowledge of Microsoft Office products or similar software packages
- Possesses a strong understanding of operating system (PC, Mac, Linux) and audit log aggregator software
- Able to configure laptops/desktops, install applications, set up network infrastructure and troubleshoot as required
- Possesses excellent oral and written communications skills required for correspondence, reports, briefings, and procedures
- Demonstrates strong customer service skills
- Must be able to lift 30 lbs.
- Must be able to pass a background check

Location: Pittsburgh

Security Clearance: Must meet eligibility requirements for access to U.S. government classified information

Positions Open: One

Salary Range: $85,700 - $127,500

RAND considers a variety of factors when formulating an offer, including but not limited to, the specific role and associated responsibilities; a candidate's work experience, education/training, skills, expertise; and internal equity.

The salary range includes base pay plus RAND's sabbatic pay (which provides additional compensation above base pay when vacation is taken). In addition, RAND provides strong benefits including health insurance coverage, life and disability insurance, savings plan, paid time-off and more.

Equal Opportunity Employer: race/color/religion/sex/sexual orientation/gender identity/national origin/disability/vet