SAIC is seeking a NOPS Information Systems Security Officer to be the Primary Information Security interface to OSL customer Designated Accrediting Authorities (DAO), System Certification Officer (SCO), and to the NRO Office of Security (OS&CI), Enterprise Management Operations Center (EMOC), and Chief Information Security Officer (CISO), for all IT Security, Information Assurance (IA), and Cyber Network Defense.
· Coordinates/implements/maintains operational security posture for all assigned information systems
· Support and track Customer security authorization activities
· Perform vulnerability/risk assessment analysis to support certification and accreditation.
· Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Authorization and Accreditation (A&A) packages, and Security Controls Traceability Matrices (SCTMs)
· Oversee ISSOs under their purview to ensure proper policies and procedures are being followed
· Conduct periodic reviews and evaluations of required IS policies and procedures.
· Coordinate IS Security Inspections, tests, and reviews
· Manage, maintain, and execute the IS Continuous Monitoring Plan
· Completes/reviews ICD 503 documentation requirements within the Risk Management Framework (RMF) process
· Serves as OSL representative on the NRO Computer Incident Response Team (CIRT)
Clearance required to start: TS/SCI with Polygraph
TYPICAL EDUCATION AND EXPERIENCE: Bachelor's and nine (9) years or more experience; Master's and seven (7) years or more experience; PhD or JD and four (4) years or more experience.
· Minimum 10 years’ experience as ISSO/ISSM
· Bachelor’s degree or equivalent experience.
· Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Manager Level 2 (Certified Information Systems Security Professional (CISSP), or equivalent)
· Knowledge of and hands-on experience with the Risk Management Framework (RMF) process
· Broad technical understanding of information technology systems, software, and networks
· Familiarity with Program Security responsibilities, including but not limited to: OPSEC, Program Protection, Personnel Security clearances, Security Training and Education, Classification management
· Manage and oversee system General and Privileged User program
· In-depth knowledge of network and information system security principles and test practices
· Previous experience controlling, labeling, virus scanning, and appropriately transferring data (upload/download) between information systems at varying classification levels
· Build rapport with customer and contractors at all levels
· Familiarity with applicable IC and DoD policies, procedures and operating instructions related to IT, IA and IM.
· Ideal candidate will be self-motivated, organized, and detail oriented.