Information System Security Officer (ISSO)

Clearance Level
Secret
Category
Cyber Security
Location
Falls Church, Virginia

REQ#: RQ137456

Travel Required: Less than 10%
Requisition Type: Regular

Responsibilities:

  • Validate security controls and documents in the Risk Management Framework (RMF) eMASS package, to include: the SSP, SAR, PIA, Categorization Form, Implementation Plan, Network Topology, HW/SW Listing, and Plan of Actions and Milestones (POA&Ms).
  • Direct Accreditation and Recertification activities for multiple eMASS ATO records networks and assist Service Owners with managing the schedule to completion (ATO).
  • Maintain up-to-date statuses on all assigned systems and communicate status to the Government leads.
  • Maintain complete records of communications, submit written status reports as required, perform peer-review as directed, and attend weekly meetings.
  • Correspond with Government customer and system administrators to communicate any unacceptable risks identified and correct deficient RMF POA&M to meet Army and DoD standards.
  • Coordinate with the Security Control Assessor (SCA) to perform analysis of the overall risk level the system poses to enterprise networks and data
  • Create and maintain cybersecurity policies and standards.
  • Ensure that cybersecurity plans, controls, processes, standards, policies, and procedures are aligned with cybersecurity standards
  • Conducting and maintaining vulnerability scanning on networks, systems and applications utilizing ACAS
  • Producing actionable, risk-based reports on security assessment results
  • Managing, training and mentoring more junior team members
  • Assisting with vulnerability remediation when necessary
  • Developing and maintaining security plans and security testing plans
  • Be responsible and accountable for all task and reporting deadlines
  • Continuously improve risk models, metrics, reports, processes, and activities
  • Manages the security of information systems assets and the protection of systems from intentional or inadvertent access or destruction.
  • Interfaces with client to understand their security needs and oversees the development and implementation of procedures to accommodate them.
  • Ensures that the user community understands and adheres to necessary procedures to maintain security.
  • Maintains current knowledge of relevant technology as assigned.
  • Provides guidance in the creation and maintenance of Standard Operating Procedures and other similar documentation

 

Education:

  • Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical training, or work experience.
  • Meet DoD 8570 IAM II certification requirements (CAP, CASP, CISSP, GSLC, or CISM)

Experience:

  • 8+ years of information security management experience, preferably in DoD environments
  • Experience managing vulnerability mitigation and information security process in an enterprise environment
  • Experience with RMF process and POA&M tracking and resolution.
  • Experience with NIST publications, DoD 8500 series, AR 25-2, AR 380-5, AR 380-40, FIPS.
  • Experience with the Enterprise Mission Assurance Support Service (eMASS).
  • Ability to produce and disseminate reports for vulnerability assessments and compliance reporting
  • Knowledge of Windows client/server, VMware, networking, VTC/VoIP, web/application servers, databases, and network architectures
  • Ability to manage vendor relationships and track externally dependent patching activities, driving the threat research life cycle
  • Ability to learn complex computing environments quickly, memorization skills desired
  • Support threat intelligence activities when required
  • Required skills/experience:
      • DoD ISSO experience a must
      • DoD Secret required

About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
