Description

The ISSM's primary function is working within Special Access Programs (SAPs) supporting SMC and AFSPC acquisition efforts. The position will provide "day-to-day" support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.

Performance shall include:

• Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures
• Perform analysis of network security, based upon the DCID 6/3, ICD 503, DIACAP, JSIG, and/or NISPOM Chapter 8 certification and accreditation processes; advise customer on IT certification and accreditation issues
• Perform risk assessments and make recommendations to customers
• Advise government program managers on security testing methodologies and processes
• Evaluate certification documentation and provide written recommendations for accreditation to government PM's
• Periodically review system security to accommodate changes to policy or technology
• Develop and maintain a formal Information Systems Security Program
• Ensure that all IAOs, network administrators, and other IS personnel receive the necessary technical and security training to carry out their duties
• Develop, review, endorse, and recommend action by the designated approval authority (DAA) of system certification documentation
• Ensure approved procedures are in place for clearing, purging, declassifying, and releasing system memory, media, and output
• Conduct certification tests that include verification that the features and assurances required for each protection level are functional
• Maintain a repository for all system certification/accreditation documentation and modifications
• Coordinate IS security inspections, tests, and reviews
• Develop policies and procedures for responding to security incidents, and for investigating and reporting security violations and incidents
• Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system
• Ensure that data ownership and responsibilities are established for each IS, to include accountability, access rights, and special handling requirements
• Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local IS security training
• Ensure that security testing and evaluations are completed and documented
• Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed
• Assess changes in the system, its environment, and operational needs that could affect the accreditation
• Ensure that certification is accomplished on each IS
• Review IS test plans
• Conduct periodic testing of the security posture of the IS
• Ensure configuration management (CM) for security-relevant IS software, hardware, and firmware are properly documented
• Ensure that system recovery processes are monitored to ensure that security features and procedures are properly restored
• Ensure all IS security-related documentation is current and accessible to properly authorized individuals
• Ensure that system security requirements are addressed during all phases of the system life cycle
• Participate in self-inspections; identify security discrepancies and report security incidents
• Coordinate all technical security issues outside of area of expertise or responsibility with SSE
• Provide expert research and analysis in support of expanding programs and area of responsibility
• Perform file transfers between local systems to storage devices
• Provide leadership, mentoring, and quality assurance for Team Members

Requirements

Experience:

6 - 8 years total experience, including minimum 4 years' experience within SCI or SAR environment. Minimum 2 years of SAP relevant experience highly desired.

Education:

Bachelor's degree or equivalent experience (4 years)

Certifications:

• Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level 3 and Information Assurance Manager Level 2 within 6 months of the date of hire
• Must complete training on Joint Security Implementation Guidance (JSIG) and Risk Management Framework (RMF) Information Security Continuous Monitoring (ISCM)

Security Clearance:

• Current Top Secret Clearance with SCI Eligibility
• Eligibility for access to Special Access Program Information
• Willingness to submit to a Counterintelligence polygraph

Other Requirements:

• Must be familiar with security policy/manuals and the appropriate ICDs/JAFANs/DOD Manuals and other guiding policy documents
• Must have the ability to work in a dynamic environment and effectively interact with numerous DOD, military/civilian personnel and industry partners
• Working knowledge of Microsoft Office (Word, PowerPoint, and Excel)
• Possess a high degree of originality, creativity, initiative requiring minimal supervision
• Willingness to travel within the organizational Area of Responsibility (AOR) (note - could be extensive, and will include both air and ground transportation)
• Must be able to lift up to 50 lbs