Information Systems Security Officer - TO15

Employer: Perspecta
Location: Winchester, VA
Posted: Jun 09, 2019
Closes: Jun 17, 2019
Ref: 153704867
Hours: Full Time

Every day at Perspecta, we enable hundreds of thousands of people to take on our nation's most important work. We're a company founded on a diverse set of capabilities and skills, bound together by a single promise: we never stop solving our nation's most complex challenges. Our team of engineers, analysts, developers, investigators, integrators and architects work tirelessly to create innovative solutions. We continually push ourselves - to respond, to adapt, to go further. To look ahead to the changing landscape and develop new and innovative ways to serve our customers. Perspecta works with US government customers in defense, intelligence, civilian, health care, and state and local markets. Our high-caliber employees are rewarded in many ways - not only through competitive salaries and benefits packages, but the opportunity to create a meaningful impact in jobs and on projects that matter. Perspecta's talented and robust workforce - 14,000 strong - stands ready to welcome you to the team. Let's make an impact together.

Perspecta has an immediate need for an Information Systems Security Officer in Winchester, VA - Top Secret Clearance

The ISSO is responsible to the System Owner (SO) and Information Systems Security Manager (ISSM) for ensuring that an appropriate operational security posture is maintained for each assigned Information System (IS) or Information Assurance (IA) program. The ISSO is responsible for the day-to-day implementation, oversight, and maintenance of the security configuration, practices, and procedures for each IS under the ISSO's purview in accordance with agency and Federal policies and guidelines. This encompasses those activities that ensure the IS, including its administration, processes, and users, are operating in the approved secure manner and as documented in the System Security Plan (SSP).

The ISSO writes and maintains the SSP which describes in detail how security will be implemented and managed on the IS throughout its lifecycle, as well as the Security Assessment and Authorization (SAA) documentation and prepares or coordinates the preparation of all other required system security documentation. All data, including the SSP, is entered into the Agency's Governance, Risk, and Compliance (GRC) application, Agiliance's RiskVision. The ISSO also conducts periodic self-assessments of assigned IS's, at least annually, and complies with all other Federal Information Security Modernization Act (FISMA) requirements for documentation and reporting, as assigned.

- Ensure that all IS's are operated, maintained, and disposed of in accordance with security policies and practices outlined in the approved SAA package.
- Support all IS SAA activities throughout the SAA process, and ensure that all SAA documentation is developed and maintained in accordance with the SAA processes (see page 5, Government Furnished Documents).
- Ensure that an effective process is implemented for all users to have the requisite security clearances, authorization, and need-to-know before their being granted access to an IS and shall have administered/witnessed the signed user agreements.
- Ensure and document that an effective process is implemented for the dissemination, control, management and issuance of user identifications and passwords, and shall provide authorization lists to appropriate system administrators for implementation.
- Ensure that all general users assigned to the applicable information systems, receive the required general user security training annually and sign the General User Rules of Behavior.
- Ensure and document that all privileged users assigned to the assigned systems, receive the required privileged user training annually and sign the Privileged User Rules of Behavior.
- Ensure that all system security requirements are addressed during all phases of the information system lifecycle for assigned systems.
- Ensure that all FISMA requirements are documented and submitted on schedule to the government task lead(s).
- Ensure that all Plans of Actions and Milestones (if any) under their purview are updated as changes occur, and their status reported to the ISSM monthly.
- Ensure that required auditable events are established for all IS's under their purview, and audit logs are retained, reviewed in accordance with a schedule established by the ISSM, and made available on request from the ISSM or appropriate government entity. Documentary evidence of above shall be maintained.
- Implement and maintain an Information Security Awareness and Training program.
- Ensure that precautionary measures are exercised to prevent the introduction and/or proliferation of malicious code to the IS - measures such as user awareness training, enforcement of IA policies, and implementation of required audit log reviews.
- Oversee all information system recovery processes for assigned information systems to ensure security controls are properly implemented.
- Ensure response to all information system data calls within the specified schedule provided by the government.
- Ensure that all IS security incidents are reported to the Enterprise Security Operations Center (ESOC), ISSM and/or CSO immediately and appropriate action is taken, including the submission of a Security Incident Report in the Agency's reporting system.
- Ensure that the release of all media and/or memory components from the Agency facility are managed and documented in accordance with applicable policies and procedures.
- Initiate any protective and corrective measures when information security incident or system vulnerability is discovered.
- Present a Program Management Review (PMR) as scheduled or as requested by the government.
- Take the Basic ISSO Course within 30 days of assuming ISSO duties and annually thereafter.
- Take subsequently identified Agency ISSO training as required by the Chief Information Officer or Training Division.
- Attend periodic teleconferences or videoconferences (via Microsoft Lync) including the weekly ISSO Forum hosted by the ISSO Program Manager as required by the Task Lead or Program Manager.

Qualifications:

- A minimum of five (5) years of work experience in computer science or cyber security-related field.
- A bachelor's or advanced degree in Computer Science, Cyber Security, Mathematics, or Engineering is highly desirable.
- Familiarity with the use and operation of security tools such as, but not limited to: Tenable's Nessus/SecurityCenter, Trustwave AppScanner, or like applications.
- Certification in at least one of the following during the life of the contract: International Information Systems Security Certification Consortium (ISC2) Certified Information Systems Security Professional (CISSP), the Global Information Assurance Certification (GIAC) [SANS] Information Security Professional (GISP), or the Computing Technology Industry Association (CompTIA) Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 IAM Level III proficiency.
- Strong background and extensive experience with Risk Management Framework (RMF), ICD 503, NIST SP800-53 and 53a or DCID 6/3; knowledge of current authorization practices, particularly within the Department of Justice. Extensive background with DITSCAP/DIACAP may be substituted in some cases.
- Good communications skills, both in writing and orally.
- US Citizenship
- Active Top Secret clearance, and SCI capable
- Subject to credit check