The ISSO will be responsible for the implementation of the information assurance program in accordance with DoD 5205.07.
Responsibilities
Ensure information systems are functional and secure within the network environment in accordance with RMF guidelines
Conduct vulnerability assessments using tools such as ACAS, Defense Information Systems Agency (DISA) STIGs, and/or Security Content Automation Protocol (SCAP) Compliance Checker
Perform weekly audit reviews via third-party software or OS-embedded capability
Develop, implement, and enforce security policies and procedures in accordance with applicable laws and regulations
Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle
Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations to include SCTMs, POA&Ms, SSPs, CONMON and Risk Assessment Reports (RAR)
Recommend resource allocations required to securely operate and maintain information system requirements
Utilize automated management and information systems tools in performing fact finding, analytical, and advisory functions related to information assurance activities
Participate in Information Systems risk assessment during the A&A process
Develop security requirements for hardware, software, and services acquisitions specific to multiple operating security programs
Ensure that IA and IA-enabled software, hardware, and firmware comply with appropriate Network Environment (NE) security configuration guidelines, policies, and procedures
Requirements
Top Secret Clearance with SCI eligibility
DoD 8140/8570 Information Assurance Management (IAM) Level II cybersecurity certification (CAP, GSLC, CASP, CISM, or CISSP (or Associate))
Experience utilizing ACAS / Nessus Security Center
Experience performing audit reviews via third-party software or OS-embedded capability