Information Systems Security Officer (ISSO)

Overview

CommIT Enterprises, Inc. is seeking an Information Systems Security Officer (ISSO) to join our team in Quantico, VA. The Information Systems Security Officer (ISSO) will assist our Naval Surface Warfare Center, Indian Head Division (NSWC IHD) client in the planning and execution of the cyber security requirements of PfM Ground Weapon Systems (GWS) systems and for ensuring adherence to the DoD Risk Management Framework (RMF) process. This position will require frequent customer engagement in order to understand and solve technical issues and support the accurate and timely delivery of products for each supported program. 

Established in 2001, CommIT is a Certified Veteran-Owned Small Business (CVOSB) providing innovative technical engineering and data science services. Our enterprise systems support includes the Department of Defense’s (DoD) GCSS-MC, CAC2S, TBMCS-MC, and the Department of Veteran’s Affairs’ (VA) telehealth communications. We offer acquisition management, systems engineering, Agile software development, cloud management, IT modernization, data analytics, cybersecurity, and training, including leading-edge DevSecOps, automated testing, and mobile application development.

Responsibilities

Your essential job functions will include but may not be limited to-

• Create authorization package records in Marine Corps Certification and Accreditation Support Tool (MCCAST) or Enterprise Mission Assurance Support Service (eMASS) for assigned systems
• Support identification of the system type (IS, IT product, IT service) and any special considerations including multi-service/agency, joint, cross domain, data classification, tactical, space, etc., to support categorization
• Participate in weekly Integrated Product Team (IPT) meetings and attend GWS meetings as required to address cybersecurity concerns and ensure integration of required cybersecurity activities into program schedules
• Ensure the Marine Corps Assessment and Authorization (A&A) activities are integrated into the project planning and executed as planned
• Conduct quarterly reviews of the System Security Plans, Information System Continuous Monitoring plans, Boundary Diagrams, Hardware, Software and STIG Matrix
• Draft Memorandum of Understanding (MOU)s, Memorandum of Agreements (MOA)s, and Memorandum for the Record (MFR)s as required to capture system activities and requirements
• Assess and document the security control set for assigned systems to determine the applicability and compliance of the individual controls within the security control set
• Develop Cyber Security Strategy based on the security categorization for assigned systems
• Develop Security Plan (SP) and Information System Continuous Monitoring (ISCM) strategy in MCCAST or eMASS for assigned systems
• Support the NSWC IHD GWS lead in completing, assembling, and submitting the Security Authorization Package (SAP) for the SCA and AO review and AO authorization
• Support the SCA and AO review of the SAP to address feedback received during the review
• Support the NSWC IHD GWS lead in implementing and testing the security control set IAW the SAP.  Documenting the pre-assessment results in a Plan of Actions and Milestones (POA&M) and Security Assessment Report (SAR).
• Support the SCA and AO review of the pre-assessment POA&M and SAR to address any feedback received during the review
• Assist the NSWC IHD GWS lead in providing updates to the Security Validation POA&M to address open vulnerabilities that were verified by the SCV during the official security assessment
• Support the NSWC IHD GWS lead in maintaining the security posture of assigned systems as identified in the ISCM Strategy
• Support the NSWC IHD GWS lead in planning and performing cyber security testing by continuously assessing the security posture of assigned systems
• Assist with any security testing required as part of A&A self-assessments

Qualifications

Required Experience and Education:

• Bachelor’s degree from an accredited college or university in Computer Science or Information Management; preferred
• Eight (8) years of professional experience
• At least six (6) years of experience in defining security programs or processes for the protection of sensitive or classified information
• Six (6) years of systems related experience or DoD 8570 IAT Level II qualifications may be substituted for a bachelor’s degree
• Sec , or equivalent, required
• Experience working in a team-oriented, collaborative environment

Preferred Experience and Education:

• Experience with MCCAST and or eMASS
• Certification in any of the following: CISM, CISA, CySA

Security Requirements:

• Secret Clearance

Equal Opportunity Employer:

CommIT Enterprises, Inc. is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.