Looking for an energetic Information Systems Security Officer (ISSO) to support the special programs sustainment branch at Tinker AFB OK.
Must have DoD 8570 Information Assurance Management Level I and GIAC Security Leadership Certification Security+, or equivalent certifications, and 3-5 years of classified information systems experience working with an Information System Security Manager (ISSM) to develop and implement DoD security controls on DoD ACAT I, ACAT II, or ACAT Other programs. DoD Directive 8140.01 IS and IA certifications, Air Force Special Access Authorization Tool experience, and experience implementing the Risk Management Framework (RMF) per the Joint SAP Implementation Guide (JSIG), are highly desired.
Experience developing IA Standard Operating Procedures, System Security Plans (SSPs), and implementing audits, threat and vulnerability assessments, and applying security-related software tools to manage and control classified information systems.
Experience managing the configuration of classified information systems. Uploading and downloading files across classified networks operating at different classification levels, and controlling and recording all incoming and outgoing digital media. Accomplishing self-assessments using the Management Internal Control Toolset (MICT). Experience resolving information systems security incidents. Developing and critically reviewing information assurance and cyber security documentation.
Perform Risk Framework Management (RFM) activities leading to system RMF acceptance in support of the requirements of established DoD RMF guidance (DoDI 8510.01), which includes:
- System categorization
- Selecting security controls
- Implementing security controls
- Assessing security controls
- Monitoring security controls
- Documentation development, review, updates at each phase
- Interaction with accepted certification data system
- Framework (RMF) certification packages.
- Coordination of activities with Engineering Directorate IT Management Branch
Activities will comply with, but are not limited to, the following:
- DoDI 8500.01 – Cybersecurity
- DoDI 8510.01 – Risk Management Framework for DoD Information Technology
- DoD 8570.01M – Information Assurance Training, Certification, and Workforce Management
- NIST 800-series Special Publications (SP), Computer Security
- AFI 33-200 – Information Assurance Management
- AFI 33-210 – Air Force Certification and Accreditation (C&A) Program
Additional Requirements and Knowledge:
- Review weekly bulletins and advisories that impact security of site information systems to include AFCERT, ACERT, NAVCIRT, IAVA, and DISA ASSIST bulletins.
- Ensure that periodic testing (monthly for PL-5 systems) is conducted to evaluate the security posture of the ISs by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs).
- Ensure that all ISSOs receive the necessary technical (e.g., operating system, networking, security management, Sys Admin) and security training to carry out their duties.
- Assist ISSOs to ensure proper decisions are made concerning the levels of concern for confidentiality, integrity, and availability of the data, and the protection levels for confidentiality for the system.
- Ensure the development of system accreditation/certification documentation by reviewing and endorsing such documentation and recommending action to the DAA Rep/SCO.
- Ensure approved procedures are in place for clearing, purging, declassifying, and releasing system memory, media, and output.
- Maintain, as required by the DAA Rep/SCO, a repository for all system accreditation/certification documentation and modifications.
- Coordinate IS security inspections, tests, and reviews.
- Investigate and report (to the DAA/DAA Rep/SCO and local management) security violations and incidents, as appropriate.
- Ensure proper protection and corrective measures have been taken when an IS incident or vulnerability has been discovered.
- Ensure data ownership and responsibilities are established for each IS, to include accountability, access and special handling requirements.
- Ensure development and implementation of an effective IS security education, training, and awareness program.
- Ensure development and implementation of procedures in accordance with configuration management (CM) policies and practices for authorizing the use of hardware/software on an IS. Any changes or modifications to hardware, software, or firmware of a system must be coordinated with the ISSM/ISSO and appropriate approving authority prior to the change.
- Develop procedures for responding to security incidents, and for investigating and reporting (to the DAA Rep/SCO and to local management) security violations and incidents, as appropriate.
- Have a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
- Access only that data, control information, software, hardware, and firmware for which they are authorized access and have a need-to-know, and assume only those roles and privileges for which they are authorized.