Lead Information Systems Security Officer

Location
Washington VA-Fairfax, DC
Posted
Mar 03, 2017
Closes
Apr 04, 2017
Industry
Security
Hours
Full Time
General Dynamics, Health and Civil Solutions Division, is hiring individuals with advanced skillsets in cyber security to develop and operate cyber security capabilities for a variety of federal customers. Candidates should have excellent written and oral communication skills, be able to work independently and as part of a team, and have demonstrated leadership capabilities. Solution and proposal development is a very important aspect of this position.

 

Security A&A Services

The resources shall support the ISSO in completing Security Assessments and Authorizations (A&As) related to projects supported by IT. These services also include maintaining the security documentation and tracking issues and risks associated with the information resource. The resources shall develop, coordinate, and oversee policy, guidelines, and procedures for internal information systems security programs. These resources shall also assist management in the implementation of security requirements and secure information systems. The IT Program Manager or his or her designee shall direct the performance of all tasks and day-to-day activities.

The primary mission of the resources assigned to this task is to support the following:

  • Providing Information Technology Security Assessment and Authorization (A&A) guidance.
  • Facilitating initial briefings and subsequent meetings of the A&A core team.
  • Coordinating the completion of a BIA for each information resource.
  • Working with the Privacy Office on privacy-related requirements.
  • Recommending security requirements to executive sponsors and portfolio managers during the Business Impact Assessment (BIA) process based on generally accepted industry practices, the operating environment [e.g., hosted in the de-militarized zone (DMZ)], and the risks associated with the information resource.
  • Providing guidance on how information resources are vulnerable to threats, what controls and countermeasures may be appropriate, and the A&A process.
  • Reviewing and evaluating A&A documentation, including the BIA, Risk Assessment, Security Plan, Security Test and Evaluation (ST&E) plan and report, and independent reviews of the information resource.
  • Preparing the A&A Evaluation Report.
  • Escalating security concerns or forwarding the A&A Evaluation Report and supporting A&A documentation package to the certifier.
  • Working with the ISSO to complete A&A artifacts and sending the other required artifacts (e.g., TAD and security specifications for procurements) to the ISSO.
 

ISSO Security A&A Support

The primary mission of the resource assigned to this task is to assist the Information Systems Security Officer (ISSO) and the Information Systems Security Representative (ISSR) appointed by an executive sponsor or portfolio manager to serve as a development point of contact to perform security-related activities on their behalf. The supplier resource shall serve on an ad hoc basis along with other assigned duties. The USPS IT Program Manager or his or her designee shall direct the performance of all tasks and day-to-day activities.

The responsibilities include the following:

  • Providing support to the executive sponsor and portfolio manager, as required.
  • Promoting information security awareness on the project team.
  • Ensuring that security controls and processes are implemented.
  • Notifying the executive sponsor, portfolio manager, and ISSO of any additional security risks or concerns that emerge during development, acquisition, or integration of the information resource.
  • Developing security-related documents required by the A&A process.
  • Working with the ISSO to complete A&A artifacts and sending the other required artifacts (e.g., TAD and security specifications for procurements) to the ISSO.

Education

Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.

Qualifications
  • Specific knowledge of NIST guidelines, including Special Publication 800-53, 800-18, 800-30, 800-37, 800-60, FIPS 199, (and related OMB and NIST guidance).
  • 3+ years performing risk management activities, developing and maintaining Systems Security Plans (SSPs), Risk Assessment and Recommendations (RaRs), and Plan of Action and Milestones (POA&M).
  • 5 years of demonstrated experience leading and managing assessment projects with the ability to multi-task, prioritize, and work towards aggressive deadlines.
  • Excellent communication skills in both written and oral formats
  • Ability to interface with all levels of management
  • Experience conducting audits of systems and documents and ability to perform reviews of such.
  • Experience with business and information security practices and procedures in an enterprise environment
  • Extensive knowledge of the following areas - Information Security Standards, Regulations, Guidelines, Frameworks and Best Practice (FedRAMP, FISMA, ISO, SOX, PCI, etc.)
  • Conceptual or actual knowledge of Cloud computing infrastructures.
  • CAP, CISM, or CISSP certifications a plus
  • Must be able to attain a Public Trust clearance
As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services. GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.