What are the responsibilities and job description for the Information Systems Security Officer (SME) position at GEMINI INDUSTRIES?
Location: Fort Washington Facility, MD or Waples Mill Facility Fairfax, VA (Onsite)
Clearance: TS/SCI (must have active TS/SCI)
Education: MA/MS (or BA/BS plus an additional 4 years of related work experience)
Outcomes:
The successful candidate is expected to accomplish the following outcomes in the first year in the position:
- Formally track all tasks, to include: assigned by, suspense, status, and comments on all assigned tasks through completion and be prepared to brief upon request.
- Develop digital continuity folders and files that include standard operating procedures, workflows and POC lists to accomplish all tasks.
- Create 2-3 products beyond the client’s requirements that positively impact the client to either increase efficiency, effectiveness, or innovation.
- Master position tasks within 60 days and exceed requirements within 90 days.
Responsibilities:
The Information Systems Security Manager provides onsite ISSO Subject Matter Expert (SME) support to the client where the Mission Architecture Innovation Directorate (CDMM) Systems are located. The Mission Architecture Innovation Directorate provides design, configuration, accreditation and implementation of mission and R&D information management systems and cloud-based solutions that support defense and intelligence priorities as well as internal business processes and mission functions, network communications, database management, security accreditation, and workflow management.
The ISSM provides coordination of cybersecurity-related processes and activities for CDMM and the CDMM portfolio. Per PWS section 1.3.9.1, Information System Security Officer (ISSO), and the Labor Category Description, PWS page 59, the specific responsibilities and tasks include but are not limited to:
- Coordinate and contribute to the Risk Management Framework (RMF) and systems authorization processes.
- Coordinate and support the Cyber Incident Handling process.
- Provide support and contribute to the Life-Cycle Management (e.g. Engineering Change and Configuration Management) process.
- Coordinate, support, and contribute to the Vulnerability Management, Malware Protection, and Security Assessments, Evaluations, and Reviews processes.
- Coordinate the continuous monitoring process.
- Coordinate the Department of Defense Information Network (DODIN) Connection Approval Process.
- Coordinate the Cybersecurity Service Provider (CSSP) support process.
- Work with the CDMM to provide iterative innovation proposals to be implemented quarterly. Such proposals may be for implementing best practices, innovative technology, and/or process improvements that would support the overarching objective of managing CDMM daily operations more efficiently across the department. Proposals may include:
Methods for increasing mission capability, enhancing customer experience, and improving coordination across the geographically dispersed enterprise.
- Provide cost/benefit analysis with proposals for Government review for any recommended efforts that require resources external to their organization.
- Coordinate, support and contribute to documentation of cybersecurity assessments, security impact analysis and system authorization of CDMM Information Systems. The format of the documentation will be determined based on the applicable DoD, Air Force and Multi-National directives and guidance. The documentation shall be submitted electronically to the CDMM or to the appropriate repository per CDMM guidance.
Qualifications:
The candidate must have the following qualifications:
- Minimum of fifteen (15) years of work-related experience, to include supporting cybersecurity related processes and initiating and evaluating system security.
- Of those 15 years, a minimum of ten (10) years of related work experience supporting a DoD Component.
- Minimum of three (3) years of experience as a staff officer (e.g. DoD staff, Service Staff, CCMD staff, Joint Staff, or equivalent); this may be included in the years of work-related experience.
- Experience supporting technical security of military systems, including at least two of the following: coalition operations, multi-level security solutions, or bilateral military information sharing efforts.
- Experience with the following processes: Risk Management Framework (RMF), Systems Authorization, Cyber Incident Handling, System Life Cycle Management processes (e.g. Engineering Change and Configuration Management), Vulnerability Management, Malware Protection, and Security Assessments, Evaluations and Reviews, Continuous Monitoring, DODIN Connection Approval Process, and Cybersecurity Service Provider (CSSP) support processes.
- Experienced in complying with DoD established Directive 8140.
- Excellent MS Office Software (Outlook, Word, Excel and PowerPoint) skills.
- Strong organization, writing and presentation skills.
- Must be analytical, possess excellent communication and presentation skills and the ability to work independently in an ambiguous environment and as a member of a team.
Required Certification:
- IAM Level III certified (i.e. CAP, CASP CE, CISM, CISSP, GSLC, or CCISO) mandatory.
The following qualifications are desired:
- CEH certification is desirable to meet IAM Level III.
- Familiar with the Interfaces for NIPRNET, SIPRNET, JWICS, Defense Messaging System, and other networks (to include SAP networks).
Travel: Less than 5%.