Information Systems Security Officer

The Information System Security Officer (ISSO) establishes and enforces security policies to protect an organization?s computer infrastructure, networks and data. The candidate for this client facing opportunity will be expected to provide strategic advice and expertise concerning the baseline security controls for Information Systems as outlined by the DoD Risk Matrix Framework. Specific implementation guidance, assessment procedures (test scripts), and expected outcomes are provided via the Enterprise Mission Assurance Support System (eMASS) security controls questions, as derived from the Risk Management Framework (RMF) for DoD IT Knowledge Service website. Notably, the baseline security controls include a significant requirement to conduct initial and periodic analysis and secure configuration of any Commercial Off-The-Shelf (COTS) and/or Non-Developmental Items (NDI) to ensure these are appropriately configured, software/hardware/ firmware is controlled, and any unique risks posed are mitigated, via implementing all Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) applicable to any system Information Assurance (IA)-enabled components.