Facility Security Officer/ISSM-Skillbridge Internship
Sparton · Fairfax, VA · 3 mo ago
Information TechnologyFull-time
Job Summary
The Facility Security Officer (FSO) is responsible for implementing and maintaining a security program that complies with the NISPOM and other regulations. The ISSM is responsible for ensuring the appropriate operational security posture is maintained for information system security requirements.
FSO Responsibilities
- Serve as the manager on all physical and Proxy Agreement security requirements, with working knowledge of Foreign Ownership, Control and Influence (FOCI) policy and security structure.
- Provide support for all security actions in accordance with corporate and governmental policies and directives.
- Oversee the day-to-day security operations of each system, associated media and networks.
- Develop and maintain compliance standard procedures supporting customer and government agency requirements.
- Develop and maintain effective security awareness training.
- Safeguard and assure accountability of all classified materials and areas in accordance with NISPOM requirements.
- Manage visit requests and Cleared personnel visit requests utilizing DISS.
- Process and manage personnel security clearances using DISS and assist new applicants with the e-QIP process.
- Plan, examine, analyze, evaluate and provide oversight of security operations; prepare reports and record for management team.
- Conduct annual clearance justifications and advise leadership when an employee does not meet clearance requirements.
- Manage the Operational Security (OPSEC) requirements for all government sensitive programs and ensure personnel cleared on those programs receive initial and refresher.
Desired ISSM Responsibilities
- Reviewing, preparing, and updating ATO packages in accordance with NIST Risk Management Framework and customer policy, procedures and guidelines.
- Identify and communicate changes that might affect information system (IS) security authorization status.
- Act as a liaison with government agencies, such as Defense Security Service (DSS) Information System Security Professionals (ISSP), Advanced / Special Program government Security Control Assessors (SCA), and other external / internal customers.
- Development, implementation, and maintenance of System Security Plans (SSP), Standard Operating Procedures (SOP), information security policies to ensure compliance with Risk Management Framework (RMF) guidelines.
- Development and maintenance of Plan of Action and Milestones (POA&M) through mitigation and risk acceptance.
- Oversee the scheduling, installation, implementation and maintenance of security software integration on all information systems under his/her purview.
- Ensure proper measures are taken when an information system incident or vulnerability is discovered.
- Maintain, and execute the information security continuous monitoring (ConMon) plan.
- Ensure configuration management (CM) policies and procedures for authorizing the use of hardware/software on an information system are followed and assess changes to the system, its environment, and operational needs that could affect the security authorization.
- Perform self-inspections, provide security coordination and review of system test plans.
- Identify vulnerabilities and work with technical subject matter experts to identify and implement countermeasures.
- Assists in the coordination, preparation, and tracking of IS inspections, reports, and responses.
- Deploy and configure scanning tools to conduct security vulnerabilities reviews in support of continuous monitoring processes.
- Conduct scheduled audits and managing audit data.
- Prepare reports on the status of security safeguards applied to computer systems.
- Ensure IS and network nodes are operated, maintained, and disposed of in accordance with security policies and practices.
Minimum Requirements
- Active military, Skillbridge eligibility.
- Active Secret clearance with the ability to obtain and maintain a Top Secret (TS).
- Experience as an FSO (desired).
- Completion of CDSE FSO Certification (desired; must complete within 6 months of start).
- Working knowledge of CFR 32 Part 117 (NISPOM), ICDs, and associated industrial security regulations.
- Experience with government systems (DISS, NCAISS, e-APP, NBIS, SWFT).
- U.S. Citizen.
Skills for ISSM (Desired)
- Minimum of 1 to 2 years of experience as an assistant ISSO, Alternate ISSM, or DoD equivalent at an organization of similar size and complexity.
- Relevant bachelor’s degree a plus.
- Experience with AIS reaccreditation process and security controls under the NIST Risk Management Framework, in accordance with NIST special publications, including SP-800-171, SP-800-53, and DAAPM.
- Knowledge of other security disciplines and how they impact and interact with information system security.
- Ability to obtain and maintain a Top-Secret Clearance.
- Ability to perform technical certifications for systems being presented to the government for authorization, to include type accreditation.
- Understanding of network concepts and Type 1 encryption devices, such as TACLANE.
- Familiarity with CUI requirements for unclassified IT systems and SIPRnet connectivity process is a plus.
- Desirable certifications include Security+, CISSP or other DoD 8570.1 certifications.
- Familiarity and understanding of Microsoft Windows 10 security and administrative settings, and ability to meet STIG/JSIG/NISPOM requirements for IS.