We are seeking an experienced ISSO for one of our prestigious clients to use Federal Assessment and Authorization (A&A) processes to research, verify and document information security controls per NIST 800-53 in order for the systems to be accredited.
Where appropriate, the ISSO will oversee the development, preparation and submission of IS accreditation packages as part of the Risk Management Framework (RMF) lifecycle. Interprets and adheres to various USG requirements including (but not limited to): ICD 503, JSIG, and DAAPM.
Assist with compliance reviews and conduct audits to ensure information systems (IS) maintain the authorization baseline. Support vulnerability assessments and security test and evaluation. Assist with the initiation of protective and corrective measures when a security incident or vulnerability is identified; ensure IS security incidents are handled in accordance with established procedures. Actively participate in the Security Training and Awareness team.
Ensures systems are operated, maintained and disposed of based on ICD 503, DCID 6/3, JSIG, including Defense Security Service DAAPM standards.
Maintains a thorough understanding of NIST 800-53 controls, determines the controls applicable to the application, and manages POA&M items.
Conducts periodic self-inspections on local processes and practices to ensure compliance; accurately reports security posture to the security team.
Ensure configuration management is appropriate for all Information Systems (IS) software and hardware, including documentation and tracking of change control actions.
Ensure security logs and audit trails are reviewed in accordance with established schedules.
Provide support to the Information Systems Security Manager (ISSM) for maintaining an appropriate operational information assurance (IA) posture for programs.
Generate and maintain security documentation for system hardware and software, to include SSPs, POA&Ms, equipment specifications, practices and procedures.
Experience with Risk Management Framework (RMF) and the Joint Special Access Program (SAP) Implementation Guide (JSIG)
Manage mandatory Information System (IS) patching, updating, and scanning based on vulnerabilities and threats or regulatory compliance
Able to interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), program personnel and government security representatives.
ISSO; ICD 503, DCID 6/3, JSIG, including Defense Security Service DAAPM standards; thorough understanding of NIST 800-53 controls; experience with Risk Management Framework (RMF, SAP, JSIG).
Vegazva Group Company