Facility Security Officer

Overview

Facility Security Officer (FSO) with Information System Security Manager (ISSM) Experience

Position Objective

The FSO is responsible for implementing and maintaining a security program that complies with the NISPOM (32 CFR Part 117) and other regulations, and partnering with cognizant security authorities, senior management, and personnel. The FSO provides support for all security actions in accordance with corporate and governmental policies and directives.

The ISSM is responsible for ensuring the appropriate operational security posture is maintained for information system security requirements for Sparton’s Authorized Information Systems (AIS). The successful candidate will have the knowledge and expertise required to manage all security aspects of information systems and oversee the day-to-day security operations of each system, associated media and networks.

Here Are Some of the Great Benefits We Offer:

• Competitive compensation & 401k matching program of up to 6%, to plan for your future
• Robust medical, dental, vision, & disability coverage with qualified wellness discounts
• Basic Life Insurance and Additional Life & AD&D Insurances are available
• Flexible Vacation & PTO

Responsibilities

FSO Responsibilities:

• Must have a thorough knowledge of the National Industrial Security Program Operations Manual (NISPOM), and any other polices and directives as necessary by site.
• Serve as the manager on all physical and Proxy Agreement security requirements, with working knowledge of Foreign Ownership, Control and Influence (FOCI) policy and security structure
• Serve as primary advisor and Security subject matter expert to the Senior Leadership Team on all physical and industrial security matters and liaison to the local Defense Counterintelligence & Security Agency (DCSA) Industrial Security Representative on all matters pertaining to the safeguarding and handling of classified and controlled unclassified information (CUI) and for Proxy/National Security Agreement compliance and reporting
• Develop and maintain compliance standard procedures supporting customer and government agency requirements to include Standard Operating Procedures (SOPs), Standard Practices and Procedures (SPPs), Operational Security (OPSEC), Emergency Action Plans (EAPs) and Risk Analysis Investigations specific to the facility
• Establish and maintain effective security awareness training including, as required: Annual Security Briefings, Counterintelligence, Espionage, Insider Threat, Courier, NATO, debriefings, indoctrinations, pre/post-foreign travel briefings, and all other mandated briefings
• Safeguard and assure accountability of all classified materials and areas in accordance with NISPOM requirements
• Conduct periodic self-inspections on local processes and practices to ensure Proxy Agreement and component program security compliance; accurately reports security posture to site, group and corporate leadership
• Ensure proper training and routine oversight of site reception duties, to include badge handling and processing, visitor control and physical security management
• Oversee badging of employees, visitors, consultants and government representatives to ensure compliance with Sparton policyManage visit requests and Cleared personnel visit requests utilizing DISS. Process and manage personnel security clearances using /DISS and assist new applicants with the e-QIP process.Plan, examine, analyze, evaluate and provide oversight of security operations; prepare reports and record for management team.Conduct annual clearance justifications and advise leadership when an employee does not meet clearance requirementsManage the Operational Security (OPSEC) requirements for all government sensitive programs and ensure personnel cleared on those programs receive initial and refresher

Desired ISSM Responsibilities:

• Reviewing, preparing, and updating ATO packages in accordance with NIST Risk Management Framework and customer policy, procedures and guidelines.
• Identify and communicate changes that might affect information system (IS) security authorization status to include identifying security deficiencies/discrepancies and providing recommendations for solutions.
• Act as a liaison with government agencies, such as Defense Security Service (DSS) Information System Security Professionals (ISSP), Advanced / Special Program government Security Control Assessors (SCA), and other external / internal customers.
• Development, implementation, and maintenance of System Security Plans (SSP), Standard Operating Procedures (SOP), information security policies to ensure compliance with Risk Management Framework (RMF) guidelines.
• Development and maintenance of Plan of Action and Milestones (POA&M) through mitigation and risk acceptance.
• Oversee the scheduling, installation, implementation and maintenance of security software integration on all information systems under his / her purview.
• Ensure proper measures are taken when an information system incident or vulnerability is discovered.
• Maintain, and execute the information security continuous monitoring (ConMon) plan.
• Ensure configuration management (CM) policies and procedures for authorizing the use of hardware/software on an information system are followed and assess changes to the system, its environment, and operational needs that could affect the security authorization.
• Perform self-inspections, provide security coordination and review of system test plans
• Identify vulnerabilities and work with technical subject matter experts to identify and implement countermeasures.
• Assists in the coordination, preparation, and tracking of IS inspections, reports, and responses.
• Deploy and configure scanning tools to conduct security vulnerabilities reviews in support of continuous monitoring processes.
• Conduct manual SRG/STIG checklists and remediation.
• Conducts scheduled audits and managing audit data.
• Prepare reports on the status of security safeguards applied to computer systems.
• Ensure IS and network nodes are operated, maintained, and disposed of in accordance with security policies and practices.

Qualifications

Minimum Requirements:

• Five years of experience as an FSO (desired)
• Bachelor’s degree
• Completion of CDSE FSO Certification (desired – must complete within 6-months of start)
• Working knowledge of CFR 32 Part 117 (National Industrial Security Program Operating Manual (NISPOM), Intelligence Community Directives (ICDs), and associated industrial security regulations, policies and regulations.
• Experience with government systems (DISS, NCAISS, e-APP, NBIS, and SWFT databases).
• US Citizen
• Active TS clearance

Skills for ISSM (Desired):

• Minimum three (3) years of experience as ISSO, Alternate ISSM, or DoD equivalent at an organization of similar size and complexity. Relevant bachelor’s degree a plus.
• Experience with AIS reaccreditation process and security controls under the NIST Risk Management Framework, in accordance with NIST special publications, including SP-800-171, SP-800-53, and DAAPM.
• Knowledge of other security disciplines and how they impact and interact with information system security.
• Ability to obtain and maintain a Top-Secret Clearance.
• Ability to perform technical certifications for systems being presented to the government for authorization, to include type accreditation.
• Understanding of network concepts and Type 1 encryption devices, such as TACLANE.
• Familiarity with CUI requirements for unclassified IT systems and SIPRnet connectivity process is a plus.
• Desirable certifications include Security , CISSP or other DoD 8570.1 certifications.
• Familiarity and understanding of Microsoft Windows 10 security and administrative settings, and ability to meet STIG/JSIG/NISPOM requirements for IS.