The Facilities Security Officer (FSO) / Information Systems Security Officer (ISSO) will manage and oversee the physical and information security operations of all corporate offices ensuring compliance with all relevant regulations and safeguarding sensitive information, assets, and personnel. The role involves implementing security policies, conducting security training, managing security systems, and protecting the integrity and confidentiality of information systems.

Key Responsibilities:

Security Compliance:

• Ensure the facility complies with all applicable government and industry security regulations (e.g., NISPOM, ITAR, NIST).
• Maintain and update the facility security clearance and ensure adherence to all relevant security guidelines.

Security Policies and Procedures:

• Develop, implement, and maintain security policies, standards, and procedures for both physical and information security.
• Conduct regular security audits and risk assessments to identify and mitigate potential security threats.

Access Control:

• Manage and monitor access control systems to ensure only authorized personnel have access to restricted areas and information systems.
• Issue, track, and manage security badges and credentials for employees and visitors.

Incident Management:

• Respond to security incidents, breaches, and emergencies.
• Conduct investigations and prepare reports on security violations and incidents.

Training and Education:

• Conduct security awareness training and briefings for employees and contractors on both physical security and information security best practices.
• Keep staff informed of changes to security protocols and best practices.

Liaison and Coordination:

• Act as the primary point of contact with government security agencies, including the Defense Counterintelligence and Security Agency (DCSA).
• Coordinate with local law enforcement, emergency services, and other security-related entities.

Security Systems Management:

• Oversee the installation, maintenance, and monitoring of security systems, including surveillance cameras, alarm systems, access control systems, and information security tools.
• Ensure all security systems are functioning correctly and efficiently.

Documentation and Record-Keeping:

• Maintain accurate and up-to-date security records, including incident reports, access logs, system security plans (SSPs), and training records.
• Prepare and submit required reports to regulatory bodies and management.

Budget Management:

• Manage the security budget, including procurement of security equipment and services.
• Optimize the use of resources to maintain and enhance security measures.

Information Systems Security Responsibilities:

Risk Management Framework (RMF) Compliance:

• Implement and maintain compliance with the Risk Management Framework (RMF) and other relevant information security frameworks.
• Conduct security control assessments and support continuous monitoring activities.

System Security Plans (SSP):

• Develop, review, and update System Security Plans (SSPs) for all information systems.
• Ensure that SSPs accurately reflect the current security posture and controls in place.

Security Controls Implementation:

• Implement and manage security controls to protect information systems and data from unauthorized access, disclosure, alteration, and destruction.
• Monitor and evaluate the effectiveness of security controls and make necessary adjustments.

Security Incident Response:

• Develop and implement information security incident response plans.
• Respond to and investigate information security incidents and breaches.

Vulnerability Management:

• Conduct regular vulnerability assessments and penetration tests.
• Remediate identified vulnerabilities and implement corrective actions.

ISO Compliance

• Knowledge of Information Security Management System
• Establish, implement, maintain, and continually improve the integrated management system, including the processes needed and their interactions.
• Define and apply an information security risk assessment process with criteria for when assessments should be performed and criteria for acceptance of risks.
• Knowledge of quality management systems, process approaches, risk-based thinking

Qualifications:

• Education: Bachelor's degree. Emphasis in Criminal Justice, Security Management, Information Technology, Cybersecurity, or a related field is desired.
• Experience: Previous experience (5 years minimum) in security management and information systems security, particularly in a government or defense-related industry.
• Certifications: Certified Facility Security Officer (CFSO), Certified Information Systems Security Professional (CISSP), or equivalent certifications are highly desirable.
• Skills:
  • Strong knowledge of security regulations and standards (e.g., NISPOM, ITAR, NIST, ISO 27001 and 9001).
  • Excellent organizational and communication skills.
  • Ability to handle sensitive and confidential information with discretion.
  • Proficiency in security systems and technologies.
  • Strong analytical and problem-solving skills.
  • Experience with RMF and cybersecurity frameworks.

Working Conditions:

• The FSO/ISSO will normally work in the corporate office but may be required to conduct inspections, assist company personnel, and respond to incidents at our government customer's offices/facilities.
• The role may involve occasional travel to attend training or coordinate with external security agencies.
• The position may require on-call availability to respond to security emergencies outside of regular working hours.

Reporting Structure:

The Facilities Security Officer / Information Systems Security Officer will report to the TGG Chief Operating Officer (COO).

**The Garrett Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.