Senior Information Systems Security Officer (Information Systems Security Officer - Senior)
Company: Gemini Industries Inc.
Location: JBSA Lackland, TX 78236
Description:
Location: JBSA/Lackland, San Antonio, TX
Clearance: TS/SCI
Education: MA/MS (or a BA/BS plus an additional 4 years of work-related experience)
Outcomes:
The successful candidate is expected to accomplish the following outcomes during the first year in the position:
- Formally track all tasks, to include assigned by, suspense, status, and comments on all assigned tasks through completion and be prepared to brief upon request.
- Develop digital continuity folders and files that include standard operating procedures, workflows and POC lists to accomplish all tasks.
- Create 2-3 products beyond the client's requirements that positively impact the client to either increase efficiency, effectiveness, or innovation.
- Master position tasks within 60 days and exceed requirements within 90 days.
Responsibilities:
The Senior Information Systems Security Officer (ISSO) provides onsite ISSO support to the Information Security Managers (ISSMs) where JBSA systems are located. The ISSO assists JBSA in coordinating cybersecurity-related processes and activities for JBSA-Lackland Information Systems and related interfaces. The ISSO provides professional services to evaluate system security and information assurance requirements and ensure compliance is consistent with the DoDI 8510.01 - Risk Management Framework (RMF) for DoD IT. The contractor shall apply knowledge of Assessment and Authorization (A&A) accreditation directives, instructions, and regulations such as the Joint DoD Intelligence Information System (DoDIIS)/Cryptologic SCI Information Systems Security Standards (JDCSISSS) and NIST Risk Management Framework (RMF) for DoD Information Technology (IT) to the tasks listed below, as needed. The ISSO applies all aspects of applicable commercial, DoDI 5000.02, and associated DAF Configuration Management/Data Management (CM/DM) processes and policies, as applicable. Per PWS section 1.3.4.1, Information Assurance, and 1.3.9, Information System Security Officer (ISSO), the specific tasks include but are not limited to:
Information Assurance:
- Review, analyze, and assess systems configurations/architectures to identify security, safety, and mission-critical functions/components and Critical Program Information (CPI) (RR #32).
- Develop system security and information assurance documentation consistent with the standards above to support system assessment and authorization, as well as interim authority and authority to operate decisions (RR #33).
- Analyze and identify system, subsystem, and component vulnerabilities to determine applicable controls, testing, and other potential information assurance solutions and safeguards consistent with the RMF.
- Develop, enter, and maintain RMF data and information in the XACTA (JWICS/COE & higher classified systems) and eMASS (NIPR & SIPR Systems) applications, as applicable.
Information Systems Security Officer Support:
- Support the Risk Management Framework (RMF) process.
- Support system authorization.
- Facilitate and support Cyber Incident Handling.
- Support the System Life Cycle Management Processes (e.g. Engineering Change and Configuration Management).
- Support Vulnerability Management, Malware Protection, and Security Assessments, Evaluations, and Reviews.
- Provide continuous monitoring.
- Support the Department of Defense Information Network (DODIN) Connection Approval Process.
- Coordinate with the Cybersecurity Service Provider (CSSP).
- Work with the JBSA-Lackland Senior ISSO or ISSM and internal Branches and Divisions to provide iterative innovation concepts, and assist with documenting proposals to be implemented quarterly. Such proposals may include best practices, innovative technology, and/or process improvements that would support the overarching objective of managing JBSA-Lackland daily operations more efficiently across the department.
- Pursue increased mission capability, enhancing customer experience, and improving coordination across the enterprise.
- Conduct cost/benefit analysis on proposals for Government review for any recommended efforts that require resources external to the organization.
- Document and produce cybersecurity assessments, security impact analysis, and system authorization of JBSA-Lackland Information Systems.
- Manage submission of documentation and organize artifacts in the appropriate repository per JBSA-Lackland guidance.
Qualifications:
The candidate must have the following qualifications:
- Minimum of ten (10) years of work-related experience, to include supporting cybersecurity related processes and initiating and evaluating system security.
- Of those 10 years, six (6) years of related work experience supporting a DoD Component.
- Minimum of 3 years of experience as a staff action officer (e.g. DoD Staff, Service Staff, CCMD staff, Joint Staff, or equivalent); these years may be included in the years of technical experience.
- Experience supporting technical security of military systems with at least two of which include: experience in coalition operations, multi-level security solutions, or bilateral military information sharing.
- Understanding of the interface with NIPRNET, SIPRNET, JWICS, Defense Messaging System, and other networks (to include SAP networks).
- Familiarity with NIST 800-53 and knowledge of the DoD-established Directive 8140.
- Personnel shall be IAT Level II certified in accordance with DoD 8570.01-M.
- IAM Level II certification (i.e. CAP, CASP CE, CISM, CISSP, GSLC, or CCISO)
The following qualifications are desired:
- IAM Level III certification (i.e. CAP, CASP CE, CISM, CISSP, GSLC, or CCISO); CEH preferred.
- Experience with Evaluations/Reviews, Continuous Monitoring, DODIN Connection Approval Process, and Cybersecurity Service Provider (CSSP).
- Experience as a staff officer (e.g. DoD staff, Service Staff, CCMD staff, Joint Staff, or equivalent).
Travel: Occasional local travel required.
Other Requirements: