1. Must develop and implement documentation outlining system operating environment, to include the overall mission, floor layout, hardware configuration, software, type of information processed, user organizations and security clearances, operating mode, interconnections to other systems/networks of users, their security personnel, and associated responsibilities;
2. Assist in the development and maintenance of the overall system security document, the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance;
3. Participate in the development or revision of System-specific security safeguards and local operating procedures that are based on the above regulations;
4. Provide IT security consulting to system owners as to the other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans; and
5. Provide expertise in classified and unclassified ratings to customers.
6. Work closely with Certifiers to navigate the Certification & Accreditation process and produce all appropriate accreditation documentation.
7. Attend ISSO training course as required.
8. Perform interpretations of monthly vulnerability scan results of assigned systems.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Secret clearance is required. Must be able to obtain DHS EOD.
The ISSO is the principal point of contact for information assurance activities at the IT system level. The ISSO is responsible for ensuring that management; operational and technical controls for securing either National Security Systems or SBU level IT Systems are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal. It is required that this person possess a Security+, CAP, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or possess a similar security professional certification. Strong relevant experience and education can substitute for these certifications. Must possess a Bachelor's Degree or Associate's plus 2 years of related experience. Must possess experience with NIST standards. Candidates must possess experience interpreting vulnerability scanning results.