CACI International Information System Security Officer (ISSO) in Florham Park, New Jersey
Information System Security Officer (ISSO)
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI with Polygraph
Employee Type: Regular
Percentage of Travel Required: Up to 10%
Type of Travel: None
What You’ll Get to Do:
Under limited direction, the Information System Security Officer (ISSO) is responsible for assisting the FSO and ISSM with the development, administration and management of information systems and security procedures for company and customer systems and networks supporting multiple customers.
The ISSO will be responsible for a portfolio of programs potentially spanning Collateral, SCI, and SAP/SAR levels. The candidate will support information system life cycle activities from rapidly establishing systems to support classified proposals, to scoping systems for new programs and preparing Risk Management Framework packages, to regular maintenance, support and upgrades of systems during program execution, to program close-out and de-certification activities.
More About the Role:
Duties and Responsibilities:
Responsible for ensuring Information System Compliance with the potential to span multiple business areas or programs.
Ensure system security measures comply with applicable government policies. Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
Maintain a thorough understanding of NIST 800-53 controls, determine which controls are applicable to the application, and document their implementation in the Security Controls Traceability Matrix (SCTM).
Monitor and resolve Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems.
Communicate and coordinate Information Systems Security policy across their organization and work with government agencies to obtain rulings, interpretations, and acceptable deviations for compliance with regulations.
Establish, document, implement, and monitor the IS Security Program and related procedures for the facility and ensure compliance with IS security requirements.
Prepare and maintain Systems Security Plans (SSP) which accurately reflect the installation and security provisions of the system.
Ensure that each SSP has been implemented, that the specified security controls are in place and properly tested, and that the IS is functioning as described in the SSP.
Evaluate proposed changes or additions to the SSP and collaborate with customers for systems approvals.
Utilize automated tools to document certification and accreditation requirements.
Conduct on-going security reviews and tests for information systems to periodically verify that security features and operating controls are functional and effective.
Ensure that periodic self-inspections of the facility’s IS Program are conducted as part of the overall facility self-inspection program.
Ensure the development, documentation and presentation of IS security education, awareness, and training activities for facility management, IS personnel, users, and others as appropriate.
Ensure personnel are trained on the IS’s prescribed security restrictions and safeguards before they are initially allowed to access a system.
Identify and document unique local threats/vulnerabilities to IS.
Report IS security incidents to the CSA. Ensure action is taken when an incident/vulnerability has been discovered.
Ability to obtain and maintain a full scope polygraph.
You’ll Bring These Qualifications:
- BS/BA + minimum 2-4 years of related work experience or equivalent
- Experience as an ISSM/ISSO implementing NISPOM Chapter 8, JAFAN 6/3, DCID 6/3, ICD 503, and/or JSIG IS requirements in a SAP/SCI environment.
- Experience developing IS security plans, policy and procedures for Local Area Network (LAN) Information Systems and Wide Area Network (WAN) Information Systems.
- Experience with both Windows and Linux operating environments.
- Knowledge of the Risk Management Framework (RMF).
- Familiarity with conducting vulnerability scans.
- Ability to draft and/or prepare and maintain security Assessment and Authorization documentation (e.g., IA SOP, SSP, MSSP, RAR, SCTM).
These Qualifications Would be Nice to Have:
- Security+ or CISSP (Obtain within 6 months)
What We Can Offer You:
We’ve been named a Best Place to Work by the Washington Post.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
We offer competitive benefits and learning and development opportunities.
We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
Company Overview: At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is an Equal Opportunity Employer – Females/Minorities/Protected Veterans/Individuals with Disabilities.