This job has expired

ISSO (TS clearance)

Employer: ALTA IT Services
Location: Winchester, VA
Closing date: Jun 27, 2019

Industry: Other
Function: Accountant, IT
Hours: Full Time
Career Level: Experienced (Non-Manager)

ISSO TOP SECRET clearance (SCI eligible)
Winchester, VA
Long term position supporting FBI
1 day remote

The ISSO is responsible to the System Owner (SO) and Information Systems Security Manager (ISSM) for ensuring that an appropriate operational security posture is maintained for each assigned Information System (IS) or Information Assurance (IA) program. The ISSO is responsible for the day-to-day implementation, oversight, and maintenance of the security configuration, practices, and procedures for each IS under the ISSO's purview in accordance with agency and Federal policies and guidelines. This encompasses those activities that ensure the IS, including its administration, processes, and users, are operating in the approved secure manner and as documented in the System Security Plan (SSP).

The ISSO writes and maintains the SSP, which describes in detail how security will be implemented and managed on the IS throughout its lifecycle, as well as the Security Assessment and Authorization (SAA) documentation, and prepares or coordinates the preparation of all other required system security documentation. All data, including the SSP, is entered into the Agency's Governance, Risk, and Compliance (GRC) application, Agiliance's RiskVision. The ISSO also conducts periodic self-assessments of assigned ISs, at least annually, and complies with all other Federal Information Security Modernization Act (FISMA) requirements for documentation and reporting, as assigned.

- Ensure that all ISs are operated, maintained, and disposed of in accordance with security policies and practices outlined in the approved SAA package.
- Support all IS SAA activities throughout the SAA process, and ensure that all SAA documentation is developed and maintained in accordance with the SAA processes (see page 5, Government Furnished Documents).
- Ensure that an effective process is implemented for all users to have the requisite security clearances, authorization, and need-to-know before their being granted access to an IS and shall have administered/witnessed the signed user agreements.
- Ensure and document that an effective process is implemented for the dissemination, control, management and issuance of user identifications and passwords, and shall provide authorization lists to appropriate system administrators for implementation.
- Ensure that all general users assigned to the applicable information systems receive the required general user security training annually and sign the General User Rules of Behavior.
- Ensure and document that all privileged users assigned to the assigned systems receive the required privileged user training annually and sign the Privileged User Rules of Behavior.
- Ensure that all system security requirements are addressed during all phases of the information system lifecycle for assigned systems.
- Ensure that all FISMA requirements are documented and submitted on schedule to the government task lead(s).
- Ensure that all Plans of Actions and Milestones (if any) under their purview are updated as changes occur, and their status reported to the ISSM monthly.
- Ensure that required auditable events are established for all ISs under their purview, and audit logs are retained, reviewed in accordance with a schedule established by the ISSM, and made available on request from the ISSM or appropriate government entity. Documentary evidence of above shall be maintained.
- Implement and maintain an Information Security Awareness and Training program.
- Ensure that precautionary measures are exercised to prevent the introduction and/or proliferation of malicious code to the IS, measures such as user awareness training, enforcement of IA policies, and implementation of required audit log reviews.
- Oversee all information system recovery processes for assigned information systems to ensure security controls are properly implemented.
- Ensure response to all information system data calls within the specified schedule provided by the government.
- Ensure that all IS security incidents are reported to the Enterprise Security Operations Center (ESOC), ISSM and/or CSO immediately and appropriate action is taken, including the submission of a Security Incident Report in the Agency's reporting system.
- Ensure that the release of all media and/or memory components from the Agency facility are managed and documented in accordance with applicable policies and procedures.
- Initiate any protective and corrective measures when information security incident or system vulnerability is discovered.
- Present a Program Management Review (PMR) as scheduled or as requested by the government.
- Take the Basic ISSO Course within 30 days of assuming ISSO duties and annually thereafter.
- Take subsequently identified Agency ISSO training as required by the Chief Information Officer or Training Division.
- Attend periodic teleconferences or video conferences (via Microsoft Lync) including the weekly ISSO Forum hosted by the ISSO Program Manager as required by the Task Lead or Program Manager.

Qualifications

- A minimum of five (5) years of work experience in computer science or cyber security-related field.
- A bachelor's or advanced degree in Computer Science, Cyber Security, Mathematics, or Engineering is highly desirable.
- Familiarity with the use and operation of security tools such as, but not limited to, Tenable's Nessus/SecurityCenter, Trustwave AppScanner, or like applications.
- Certification in at least one of the following during the life of the contract: International Information Systems Security Certification Consortium (ISC)² Certified Information Systems Security Professional (CISSP), the Global Information Assurance Certification (GIAC) SANS Information Security Professional (GISP), or the Computing Technology Industry Association (CompTIA) Advanced Security Practitioner (CASP), or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 IAM Level III proficiency.
- Strong background and extensive experience with Risk Management Framework (RMF), ICD 503, NIST SP800-53 and 53a or DCID 6/3; knowledge of current authorization practices, particularly within the Department of Justice.
- Extensive background with DITSCAP/DIACAP may be substituted in some cases.
- Good communications skills, both in writing and orally.
- US Citizenship
- Active Top Secret clearance, and SCI capable
- Subject to credit check
