(603) Information System Security Officer (ISSO) III
Arlo Solutions · Philadelphia, PA · 9 mo ago
Information TechnologyFull-time
Cybersecurity Compliance and Policy Implementation
- Assist the Information System Security Managers (ISSM) in executing their duties and responsibilities
- Ensure compliance with all NAVSEA, DON, and DoD cybersecurity policies
- Maintain and report Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers, Information System Owners, and ISSMs
- Manage and maintain Plan of Actions and Milestones (POA&M), tracking vulnerabilities through remediation
- Perform Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews
- Register and maintain systems in Enterprise Mission Assurance Support Service (eMASS)
- Participate in change control and configuration management processes
- Ensure execution of Continuous Monitoring requirements as defined in system strategies
- Review all data produced by Continuous Monitoring activities and update eMASS records as necessary
- Correlate findings from non-RMF vulnerability assessments to RMF controls for holistic risk assessment
Cybersecurity Analysis and Reporting
- Perform analysis of logs, events, and reporting from various data collection tools
- Evaluate system administrator, security engineer, and/or system owner proposed corrections
- Develop reports and produce procedural documentation as required
- Present data to management in a comprehensive and cohesive manner
Minimum Qualifications Including Certificates:
- Must be a U.S. Citizen
- Active Secret security clearance
- Bachelor's degree in computer science, information technology, communications systems management, or equivalent STEM degree from an accredited college or university
- Minimum 6 years of experience coordinating and implementing security changes, ensuring compliance with published policies, conducting cybersecurity vulnerability and threat analysis, and supporting cyber incident response
- Current IAM-II certification (CAP, CASP+ CE, CISM, CISSP, GSLC, CCISO, or HCISPP)
Desired Qualifications:
- Experience with the DoD Information Assessment and Authorization (A&A) process
- Familiarity with Risk Management Framework (RMF) implementation
- Proficiency with eMASS, VRAM, and other DoD cybersecurity systems
- Experience with NIST Special Publications and DoD/Navy cybersecurity directives
- Experience with vulnerability management tools (ACAS, HBSS, etc.)
- Knowledge of Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
AAP Statement:
We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.