Job Specifications
Active Top Secret Clearance Required
Information System Security Officer (ISSO)/Technical Security Requirements. The contractor shall perform the following duties related to Information Assurance/Technical Security IAW DoD JSIG and applicable DoD, DAF, ACC, and Wing AIS security policies and regulations:
Manage, update, and accomplish AIS RMF BOE and BOE associated requirements. Ensure development and implementation of procedures IAW Configuration Management policies and procedures for evaluation of AIS security program
Perform analysis of network security based upon RMF JSIG, National Industrial Security Program Operating Manual (NISPOM) Chapter 8, and other sources as added or updated; advise customers on AIS certification and accreditation issues
Perform AIS risk assessments and make recommendations to customers, Wing Information System Security Manager (ISSM), and System Owner
Participate in AIS Configuration Control Board
Advise Wing ISSM and System Owner on security testing methodologies and processes
Evaluate AIS certification documentation and provide written recommendations for accreditation to Wing ISSM and System Owner
Review AIS security to accommodate and/or recommend changes to policy or technology
Evaluate Information Technology (IT) threats and vulnerabilities to determine whether additional safeguards are needed and report these threats or vulnerabilities to Wing ISSM and System Owner
Develop and maintain a formal Information Systems Security Program
Recommend changes/updates to the Wing Information Assurance Standard Operating Procedure (IA SOP) to the Wing ISSM when applicable to support unique AIS requirements
Review and evaluate all certification/accreditation support documentation for proof of acceptable AIS and network security procedures and based upon review, provide written documentation for accreditation to the Wing ISSM, to include External Information Systems (EIS)
Ensure all personnel have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to AIS
Ensure approved procedures are in place for clearing, purging, declassifying, and releasing system memory, media, and output
Ensure all accreditation documentation, to include Cyber Program required documentation is loaded to Core File Share IAW Wing IA SOP
Conduct and coordinate AIS security inspections, tests, and reviews
Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within the applicable computer or network system
Ensure that data ownership and responsibilities are established for each AIS, to include accountability, access rights, and special handling requirements
Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting AIS security training. Manage Media Custodian Training, User Account Training, Annual SAP Security Training, and Data Transfer Training
Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed. Manage, track, and install AIS vulnerability patches
Assess configuration changes in the system, environment, and operational needs that could affect AIS accreditation
Review existing security documentation to verify that documents still accurately represent the system; re-evaluate the system vulnerabilities, threat, and risk; and complete the security test, or subset of the original test, that will be conducted
Conduct periodic testing of the security posture of the information systems as required. Verify the compliance of the system with the security requirements by demonstrating, inspecting, and analyzing the system's capabilities and base-line configuration
Ensure configuration management for security-relevant AIS software, hardware, and firmware is maintained and documented
Ensure system recovery processes are monitored to ensure security features and procedures are properly restored
Ensure all AIS security-related documentation is current and accessible to authorized individuals
Ensure system security requirements are addressed during all phases of the system life cycle. Develop and manage an AIS End of Support (EOS) program for all AIS and associated equipment/devices. Advise customer on upcoming costs associated with replacing EOS equipment for effective budget
Perform weekly system audits as required on multiple systems; work closely with system administrators and ensure current security measures are sufficient and in compliance with approved policies and processes
Perform account management for all systems and access; tasks include verifying requirements for access and adding/modifying/deleting accounts as required
Write Request for Approvals (RFA) for equipment and electronic data being used in off-site locations
Participate in annual self-inspections and Command Compliance Inspections; identify discrepanci
About the Company
Diligent Consulting Inc is an IT services provider delivering high quality solutions in Enterprise Architecture, Legacy System Revitalization & Transformation, Application Development, Cyber Security and Professional Services. We are appraised at CMMI Maturity Level 3 and ISO 9001:2008. Diligent is a Service Disabled Veteran Owned Small Business. We are proud to have been awarded a prime contract under NETCENTS-2 Application Services, Small Business. We uphold the values of integrity and professionalism and are grounded in a...