Information Systems Security Officer

Description:
For nearly 50 years, CSA has delivered integrated technology and operational support services to meet the defense and federal sector's most complex enterprise needs. Working from operations centers and shipyards to training sites and program offices, CSA deploys experienced teams, innovative tools, and proven processes to advance federal missions.

Client Solution Architects (CSA) is currently seeking an Information Systems Security Officer to support a program at Grafenwoehr, Germany.

Works with System Administrators (SA), Command Information System Security Manager (ISSM), other Information System Security Officers (ISSOs), multiple Branch Heads, multiple Program Managers (PMs) and a project strategist in support of the completion of a mixture of Certification and Accreditation (C&A) boundaries consolidated into overarching master boundaries in support of information assurance policy and regulations. In addition to C&A package development, the individual will be responsible for the day-to-day operations as an ISSO.

**How Role will make an impact**:

- Develop and maintain an organizational or system-level cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.
- Provide support to the System Owner and the ISSM for maintaining the appropriate operational IA posture for a system, program, or enclave.
- Provide support to the customer on all matters involving the security of their information systems.
- Assist with the management of all security aspects of the information system and as assigned performs day-to-day security operations of the system.
- Assist in the development of the system security policy and ensures compliance with that policy on a routine basis.
- Prepare, validate, and maintain security documentation including, but not limited to: system security plan (SSP), risk assessment (RA), contingency plan (CP), privacy impact assessment (PIA), eAuthentication assessment, FIPS categorization.
- Provide configuration management for security-relevant information system software, hardware, and firmware, controlling changes to the system and assessing the security impact of those changes.
- Identify and mitigate security business and system risks.
- Identify and manage POA&Ms through remediation as well as develop corrective action plans for each POA&M.
- Maintain a repository for all organizational or system-level cybersecurity-related documentation such as RMF processes within eMASS or other automated process.
- Maintain Defense Information Technology Portfolio Registry (DITPR) for client systems and software.
- Ensure implementation of Information System (IS) security measures and procedures, including reporting incidents to the Command Information System Security Manger (ISSM) and appropriate reporting chains as well as coordinating system-level responses to unauthorized disclosures in accordance with DoDM 5200.01 Vol 3 for classified information or DoDM 5200.01 Vol 4 for CUI, respectively.
- Implement and enforce all DoD IS and Platform Information Technology (PIT) system cybersecurity policies and procedures, as defined by cybersecurity-related documentation.
- Ensure that all users have the requisite security clearances and access authorization, and are aware of their cybersecurity responsibilities for DoD IS and PIT systems under their purview before being granted access to those systems.
- In coordination with the ISSM, initiate protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
- Establish a process for authorized users to report all cybersecurity-related events and potential threats and vulnerabilities to the ISSO.
- Ensure that all DoD IS cybersecurity-related documentation is current and accessible to properly authorized individuals.
- Ensures proper Configuration Management procedures are followed. Prior to implementation and contingent upon necessary approval with the ISSM.
- Initiates requests for temporary and permanent exception, deviations, or waivers to IA requirements such as Plan of Action and Milestones (POA&Ms).
- Ensures IA and IA-enabled software, hardware and firmware comply with appropriate security configuration guides.
- Provide status updates of assigned duties to the appropriate agency heads as defined in their respective Service Level Agreement (SLA).
- Respond to all applicable data calls, CTO’s, FRAGO’s, IAVA’s ,etc within the requested timeframe.
- Attend all Cybersecurity Workforce Meetings when requested.
- Perform as needed system administration on JLCCTC or other simulations or interface systems as needed.
- Perform as needed technical operations, setup and tear down of servers, systems and integration tools; maintaining RMF compliance; providing input to exercise design and technical planning products.
- Support as needed other set-up, transition, and break down for all training and traini