What are the responsibilities and job description for the Information Systems Security Officer (ISSO) position at VTG?
Overview:
The Information System Security Officer (ISSO) is responsible for the overall security posture of information systems within the SCIF. The ISSO ensures compliance with federal regulations, security policies, and accreditation requirements to safeguard classified information. This role requires strong technical expertise, a proactive mindset, and a commitment to maintaining the confidentiality, integrity, and availability of information systems. This role is 100% onsite in Herndon, VA.
Responsibilities:
- System Security Management:
- Oversee the implementation and management of system security measures in compliance with National Industrial Security Program Operating Manual (NISPOM), Risk Management Framework (RMF), Intelligence Community Directives (ICDs), and other applicable regulations.
- Maintain the security posture of SCIF systems by ensuring compliance with Assessment and Authorization (A&A) requirements.
-
Risk Assessment and Mitigation:
- Conduct regular risk assessments, vulnerability scans, and security audits to identify and mitigate potential threats.
- Develop, implement, and manage security policies and procedures to address identified risks.
-
Monitoring and Incident Response:
- Monitor system activity and respond to potential security incidents.
- Investigate and document security incidents and implement corrective actions to prevent recurrence.
-
Documentation and Reporting:
- Prepare and maintain security documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&M), and risk assessments.
- Submit reports on system security status to senior leadership and government security officials as required.
-
Compliance and Training:
- Ensure all personnel accessing SCIF systems complete required security training.
- Conduct periodic security briefings and ensure adherence to access control policies.
-
Collaboration:
- Work closely with other VTG staff to ensure coordinated efforts in maintaining security compliance.
- Coordinate with external auditors and government representatives for security inspections and audits.
Required:
- Bachelor’s degree in information systems, Cybersecurity, or a related field (or equivalent experience).
- Minimum of 5 years of experience in information system security, preferably in classified environments.
- Strong analytical and problem-solving skills.
- Excellent written and verbal communication abilities.
- Ability to work independently and in a team environment.
- Experience with implementing and managing classified information systems in a SCIF environment.
Desired:
- Proficiency in tools such as eMASS, ACAS, Splunk, or similar platforms.
- In-depth knowledge of RMF, NISPOM, ICD 503, and other relevant guidelines.
