VariQ has an exciting opportunity for a highly qualified ISSO to support the Defense Information Systems Agency (DISA) in Ft. Meade, MD.
Available upon award, currently in proposal/bid stage
Location: Ft. Meade and Contractor site
Security Clearance: TS/SCI
Salary: dependent upon experience
Shall have at least 5 years of specialized experience as an Information Systems Security Officer.
Shall have an Information Assurance Manager (IAM) Level II certification in accordance with DoD 8570.01-M (CAP, CASP, CISM, CISSP).
Shall have experience working with RMF, including ushering packages through the Security Control Assessor (SCA) and Authorizing Official (AO).
Shall be able to coordinate and lead discussions during Risk Management Framework (RMF) meetings; maintain close communication within the DISA Services Development (SD) development teams; and report status to the DISA SD13 Information System Security Managers (ISSMs) in accordance with DoD Instructions 8500.01 and 8510.01.
Shall have a background and understanding of the SIPRNet and NIPRNet Enterprise Mission Assurance Support Service (eMASS) and be able to prepare RMF Packages.
Shall be able to support the Information Systems Security Managers (ISSMs) by interacting with developers, System Information Systems Security Officers (ISSOs), Information Systems Security Engineers (ISSEs), Code Reviewers, and Validators.
Able to resolve Security Technical Implementation Guide (STIG) and security control findings and update the Plan of Action and Milestones (POA&M) spreadsheet as directed by the Government. Track, monitor, and evaluate all related Information Assurance Vulnerability Management (IAVMs) from identification through closeout.
Experienced in developing and maintaining the Risk Management Framework (RMF) package, including maintaining the system/program artifacts (compelling evidence), assigning security controls based on the system categorization as required by Committee on National Security Systems (CNSS) 1253 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-60, Volume II, ensuring the system/program is properly registered in eMASS, identifying the system/program RMF Team members, and initiating the RMF System Security Plan (SSP).
Experienced in validating assigned Security Controls, including executing the SSP, coordinating validation activities, and compiling the status of the validation results in the RMF Scorecard.