CACI International ISSO (Security Compliance) in St. Louis, Missouri
ISSO (Security Compliance)
Job Category: Security
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI
Employee Type: Regular
Percentage of Travel Required:
Type of Travel:
CACI is seeking a TS/SCI cleared, dynamic technical professionals to join our UDS program to support our NGA customer. As a team, we focus on the design, engineering, implementation, operations, sustainment and disposal of user facing and data center IT services for our customer. With a strong emphasis on continuous improvement and innovation of user facing and data center services that drives efficiencies and effectiveness. Be a part of something greater than yourself and make a lasting impact at CACI.
What You’ll Get to Do:
CACI is hiring an ISSO (Security Compliance)
More About the Role:
Develop and coordinate all authorization documentation associated including the Systems Categorization, Systems Security Plan, and Systems risk assessment
Support the control assessment, reporting and monitoring processes using the Cyber Security and Assessment Management (CSAM) system
Assist the component with staying on track with Core Controls and A-123 control assessment schedules
Work with components to ensure each Risk Based Decisions (RBD's) has a current Waivers.
Coordinate with CSS Customer Liaison support, including status of the process and POA&Ms.
Support and document security controls tests, assist in remediation and ensure that POA&Ms are being appropriately managed.
Develop or update the Business Continuity and Contingency Plan for the component.
Assist the components with decisions that affect security of their systems and networks.
Facilitate preparations for the tri-annual Security Assessment and Authorization (SA&A) component's Information System.
Conduct assessments of information systems security requirements, evaluate current security posture and recommend priorities for remediation.
Review information system infrastructure and application architecture to assess security requirements
Review existing SA&A documentation, Security Assessment Report and security infrastructure (i.e. IDS, firewalls, vulnerability scan tools, etc.)
Assess NIST 800-53, Rev 4. Control and document results
Evaluate and strengthen standard SA&A Documentation
Perform and document risk assessments, analyzing security vulnerabilities, and the metrics to measure the risks associated with those vulnerabilities;
Based on the risk profile of the analyzed systems, development and documentation of a Plan of Action and Milestones (POA&M) for mitigating those risks;
Design and development of comprehensive Systems Security Plan, covering at a high level the infrastructure, policies and procedures which define the systems security profile for the analyzed systems;
Development of Systems Security Users Guides specific to selected networks, desktop computers, servers and data base systems; Design, development, and validation of System Test and Evaluation (ST&E) reviews for new and/or legacy systems.
Review and conduct NIST-based Self Assessments, identifying any weaknesses which need to be addressed, and developing a POA&M for each of those weaknesses based on industry best practices.
Design and development of Initial Privacy Assessment (IPA) and Privacy Impact Assessments (PIAs) for each major Federal Government IT Systems Developing and conducting System Test and Evaluations (ST&Es) and Independent Verification and Validation (IV&Vs) of the security profiles of Federal Government IT Systems
Conduct OMB A-123 security assessments of Federal Government IT Systems.
You’ll Bring These Qualifications:
Bachelor's Degree in Computer Science or related technical discipline, or the equivalent combination of education, technical certifications or training, and work experience
5+ years' experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful certification and accreditation or security authorization of such systems.
5+ years' experience assessing and enhancing IT systems security policies and procedures in response to the regulatory requirements associated with Federal and International standards.
5+ years IT Security experience with extensive knowledge in security regulations and security assessments having developed numerous security C&A (or SA&A) and ATO on a range of systems including classified systems
Strong working knowledge with NIST Special Publications and the NIST SP 800-37 SA using CSAM system
TS/SCI clearance required and eligibility to obtain/maintain a CI Poly
8570 Complaint required, at a min IAT II within 6months from hire date
Current certification in one or more of the following IT Security disciplines:
o ISACA - Certified Information Systems Auditor (CISA)
o ISACA - Certified in Risk and Information Systems Control (CRISC)
o ISACA - Certified Information Security Manager (CISM)
o ISACA - Certified in Governance of Enterprise IT(CGEIT)
o (ISC)2 - Certified Information Systems Security Professional (CISSP)
o (ISC)2 - Certified Authorization Professional (CAP)
What We Can Offer You:
We’ve been named a Best Place to Work by the Washington Post.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
We offer competitive benefits and learning and development opportunities.
We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
Company Overview: At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is an Equal Opportunity Employer – Females/Minorities/Protected Veterans/Individuals with Disabilities.
As a federal contractor, CACI is subject to any federal vaccine mandates or other customer vaccination requirements. All new hires are required to report their vaccination status.