Information System Security Officer (isso)

Job Description:

JMA Resources is seeking a highly motivated and self-directed Information Systems Security Officer (ISSO) to join our team. This person provides assessments of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation. They will be responsible for recommending corrective actions to address identified vulnerabilities and preparing security assessment reports containing the results and findings from system security assessments. The ISSO will serve as a trusted agent who assesses and validates that the system has implemented the approved security control-based line as part of our Risk Management Framework (RMF) team.

Supervisory Responsibilities:

• None

Responsibilities:

• Participate in security control implementation, testing efforts, and vulnerability-level risk.
• Assist in managing, documenting, mitigating, and closing open vulnerabilities under the system’s change control process.
• Review, analyze, and evaluate business systems and user needs, specifically in relation to Authorization and Accreditation (A&A) (security requirements and documentation support) for the Navy, Plans of Action, and Milestones (POA&Ms), and documentation support.
• Interact daily with the PMO, Operations, and IT Security teams to address the needs of A&A and POA&M remediation.
• Write, edit, and/or manage a wide range of IT Security documentation and have a familiarity with federal IT standards such as the Federal Information Security Management Act (FISMA), Federal Information Processing Standards (FIPS), NIST Special Publications (SPs), and NIST SP 800-37 Rev 1 (Guide for Applying the Risk Management Framework to Federal Information Systems: Security Life Cycle Approach).
• Participate in security control implementation, testing efforts, and vulnerability-level risk assessments.
• Assist in mitigating and closing open vulnerabilities under the system’s change control process.
• Play a role in reviewing and updating RMF Cyber Security documentation.
• Ensure plans and channels are in place for incident response, business continuity, disaster recovery, and vulnerability and threat reporting.
• Perform other related duties as assigned.

Clearance Level:

• Current or ability to obtain a DOD Secret Clearance is required.

  • Note: To obtain a security clearance, you must be a US citizen and meet the 13 adjudicative guidelines.

Required Skills/Abilities:

• Must demonstrate:
  • Excellent verbal and written communication skills.
  • Strong technical writing skills.
  • Excellent problem-solving skills.
  • Attention to detail and accuracy.
  • Ability to work independently and in a team environment.
  • A thorough understanding and knowledge of the RMF process IAW the Navy RMF Process Guide.
• Must have experience working with the following:

  • Enterprise Mission Assurance Support Service (eMASS).

  • Security technologies such as firewalls, intrusion detection, prevention systems, and vulnerability assessment tools.

  • IA tools and scanners used to evaluate the security posture of the system/enclave.

Required Experience:

• Must have at least 3 years of experience following the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) and/or RMF (RMF is preferred) experience:
  • Experience in RMF testing of all CS requirements and analysis required to complete an RMF package document for submittal and approval.
  • Experience performing vulnerability risk analysis on the deficiencies found during RMF testing.
• Experience with IA tools and scanners used to evaluate the security posture of the system/enclave.

Education Level:

• A degree in Computer Science is preferred but not required.

Required Certifications:

• Must have one the following:

  • Current Authorized Professional (CAP)

  • Current Certified Network Defender (CND)

  • Current CompTIA Cloud+

  • Current GIAC Security Leadership (GSLC)

  • Current CompTIA Security+

Location & Commitments:

• Full-time remote position that will require travel to the client site in Mechanicsburg, Pennsylvania, for approximately 2-5 days every 2 – 3 months.

• Hours are based on the client, usually 8-hour days flexing from 6 a.m. to 5 p.m. EST.

JMA Resources is an equal opportunity employer committed to achieving a diverse workforce with an environment free of discrimination and harassment. All aspects of employment, including recruitment, hiring, promotions, transfers, discipline, terminations, wage and salary administration, benefits, and training, are based on business needs, job requirements, and individual qualifications, without regard to race, age, color, physical or mental disability, religion, gender, sexual orientation, gender identity/expression, marital status, national origin, political affiliation or protected veteran status.

JMA is also committed to the full inclusion of all qualified individuals. As part of this commitment, JMA will ensure that all persons with disabilities are provided reasonable accommodations. If you require a reasonable accommodation in completing this application, interviewing, completing any pre-employment tests, or otherwise participating in the employee selection process, please contact Amy Foy, Director of Human Resources, at afoy@jmares.com.