Senior Information Systems Security Officer (SME)

Company: Gemini Industries Inc.

Location: Fairfax, VA 22030

Description:

Position: Information Systems Security Officer SME (Information Systems Security Officer - SME)

Location: Fairfax, VA (situational telework eligible)

Clearance: TS/SCI Eligible / SAP Eligible

Education: MA/MS (or BA/BS plus an additional 4 years of related work experience)

Outcomes:

The successful candidate is expected to accomplish the following outcomes in the first year in the position:

  • Formally track all assigned tasks through completion, to include assigned by, suspense, status, and comments, and be prepared to brief upon request.


  • Develop digital continuity folders and files that include standard operating procedures, workflows and POC lists to accomplish all tasks.


  • Create 2-3 products beyond the client's requirements that positively impact the client to either increase efficiency, effectiveness, or innovation.


  • Master position tasks within 60 days and exceed requirements within 90 days.


Responsibilities:

The Information Systems Security Officer (ISSO) SME provides onsite ISSO expert support to the Information Security Managers (ISSMs) where the Mission Architecture Innovation Directorate (CDMM) Systems are located. The Mission Architecture Innovation Directorate provides design, configuration, accreditation and implementation of mission and R&D information management systems and cloud-based solutions that support defense and intelligence priorities as well as internal business processes and mission functions, network communications, database management, security accreditation, and workflow management.

The ISSO SME assists CDMM in coordinating cybersecurity-related processes and activities for CDMM Information Systems and related interfaces. Per PWS section 1.3.9.1, Information System Security Officer (ISSO), the specific tasks include but are not limited to:

  • Manage the Risk Management Framework (RMF) process,


  • Work the system authorization process,


  • Provide Cyber Incident Handling,


  • Provide Life Cycle Management (e.g. Engineering Change and Configuration Management),


  • Lead and advise on Vulnerability Management, Malware Protection, and Security Assessments, Evaluations, and Reviews.


  • Provide continuous monitoring,


  • Work the Department of Defense Information Network (DODIN) Connection Approval Process


  • Lead coordination for and with the Cybersecurity Service Provider (CSSP).


  • Work with the CDMM ISSM and internal Branches and Divisions and manage iterative innovation proposals and projects to be implemented quarterly. Such proposals and projects may be implementing best practices, innovative technology, and/or process improvements that would support the overarching objective of managing CDMM daily operations more efficiently across the department.


  • Pursue increased mission capability, enhancing customer experience, and improving coordination across the enterprise.


  • Provide cost/benefit analysis on proposals for Government review for any recommended efforts that require resources external to the organization.


  • Conduct and document cybersecurity assessments, security impact analysis, and system authorization of CDMM Information Systems.


  • Submit and organize documentation of such artifacts in the appropriate repository per CDMM guidance.


Qualifications:

The candidate must have the following qualifications:

  • Minimum of fifteen (15) years of work-related experience, to include supporting cybersecurity related processes and initiating and evaluating system security.


  • Of those 15 years, minimum of ten (10) years of related work experience supporting a DoD Component.


  • Minimum three (3) years of experience as a staff officer (e.g. DoD staff, Service Staff, CCMD staff, Joint Staff, or equivalent) and may be included in the years of work-related experience.


  • Experience supporting technical security of military systems, including at least two of the following: coalition operations, multi-level security solutions, or bilateral military information sharing.


  • Experience with the following processes and expertise in at least two of these: Risk Management Framework (RMF), Systems Authorization, Cyber Incident Handling, System Life Cycle Management processes (e.g. Engineering Change and Configuration Management), Vulnerability Management, Malware Protection, and Security Assessments.


  • Familiar with the Interface with NIPRNET, SIPRNET, JWICS, Defense Messaging System, and other networks (to include SAP networks).


  • Experienced in complying with DoD established Directive 8140.


  • Excellent MS Office Software (Outlook, Word, Excel and PowerPoint) skills.


  • Strong organization, writing and presentation skills.


  • Must be analytical, possess excellent communication and presentation skills and the ability to work independently in an ambiguous environment and as a member of a team.


  • Personnel shall be IAT Level II certified in accordance with DoD 8570.01-M.


  • IAM Level III certification (i.e. CAP, CASP CE, CISM, CISSP, GSLC, or CCISO) mandatory, CEH desirable


The following qualifications are desired:

  • Experience with Evaluations/Reviews, Continuous Monitoring, DODIN Connection Approval Process, and Cybersecurity Service Provider (CSSP)


Travel: Occasional local travel required.

Other Requirements:
