Information Systems Security Officer (ISSO) II
General Dynamics
- Salt Lake City, UT
- Permanent
- Full-time
- Lead, cultivate and maintain productive working relationships with other Prime customer managers, data stewards, and senior leadership to foster productive and positive cyber security profile
- Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon cloud integration of SAP network infrastructures
- Participate in the strategic planning and implementation of the Cyber Security Program
- Provide expert input to the formulation of cyber security policies based upon the Risk Management Framework (RMF) with emphasize on Joint Special Access Program Implementation Guide (JSIG) authorization process
- Advise customer on Risk Management Framework (RMF) assessment and authorization issues
- Develop and implement a security assessment plan
- Perform risk assessments and make recommendations to customer
- Evaluate authorization documentation and provide bodies of evidence for RMF packages
- Maintain a formal Information Systems Security Program
- Ensure that all IAOs, network administrators, and other cyber security personnel receive the necessary technical and security training to carry out their duties
- Develop, review, endorse, and recommend action by the AO or DAO of system assessment documentation
- Develop and execute security assessment plans that include verification and validation of completed features planned SCRUM activities
- Participate in Configuration Control Board (CCB) meetings
- Maintain a and/or applicable repository for all system authorization documentation and modifications
- Develop policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents
- Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system
- Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling requirements
- Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed
- Assess changes in the system, its environment, and operational needs that could affect the authorization
- Ensure that authorization is accomplished a valid Authorization determination has been given for all authorization boundaries under your purview
- Conduct periodic assessments of the security posture of the authorization boundaries
- Ensure configuration management (CM) for security-relevant changes to software, hardware, and firmware and that they are properly documented
- Ensure all authorization documentation is current and accessible to properly authorized individuals
- Ensure that system security requirements are addressed during all phases of the system life cycle
- Establish and develop a self-inspection program within the organization
- Periodically review system security to accommodate changes to policy or technology
- Coordinate all technical security issues outside of area of expertise or responsibility with ISSE
- Provide leadership, mentoring, and quality assurance for Cyber Security and Information Technology team members
- 10+ years related experience.
- Prior performance in roles such as ISSO or ISSM.
- 2+ years SAP experience required.
- Master's degree or equivalent experience (6 years)
- IAT Level III or IAM Level III
- TS
- Eligibility for access to Special Access Program Information
- Must have expert knowledge of DoD Joint Special Access Program Implementation Guide (JSIG) authorization process
- Local to Salt Lake City, Utah/ 50%-75% travel per month.