Job opening: Information System Security Officer (ISSO) NF4
Salary: $72 000 - 87 000 per year
Published at: Mar 04 2024
Employment Type: Full-time
Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community. We offer a team oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively.
Duties
This position serves as the Information System Security Officer (ISSO) for the Information Technology Directorate (MRI), NAF Business and Support Services Division (MR), Manpower and Reserve Affairs Department, Headquarters Marine Corps. The incumbent will work under the direction of an Information System Security Manager to provide system security officer services to Marine Corps installations worldwide.The Information System Security Officer (ISSO) serves within the Enterprise Cybersecurity and Compliance Office. The ISSO will serve as an analyst for all disciplines within the security program including the enforcement of the organization¿s security awareness programs, continuous monitoring program, and all industry and governmental compliance issues. Verifies IT security awareness compliance amongst the user community through annual security training records. Tracks the implementation of information technology (IT) security controls and security authorization documents; and ensures the system is compliant with mandated security policies and requirements. Works closely with and receives reports from Information Systems Administrators and system owners.Analyzes the security posture for one or more system(s) throughout the entire lifecycle; provides continuous monitoring through scheduled audits, controls testing, and audit reviews, and escalates issues as needed. Provides technical recommendations for all Risk Assessments and Vulnerability Assessments conducted for the system or site. Provides security analysis of IT activities to ensure that appropriate security measures are in place and being enforced. Tracks audit findings and recommendations to ensure that appropriate mitigation actions are taken.Performs security compliance efforts IAW the Payment Card Industry (PCI), Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology Special Publication (NIST SP) 800 series, Federal Information Processing Standards (FIPS) series, and USMC related policies and procedures. Follows systematic processes to measure continuous monitoring targets, FISMA goals, and readiness inspection criteria. Conducts analysis and reporting of identity and access management (idAM) compliance.Assists in the daily operations of the MR Cybersecurity program objectives to implement processes and procedures as they relate to DoD , DON, USMC, MCCS policy, standards, and guidelines. Provides security monitoring for MR and subordinate commands to include coordinating MR security measures, conducting analysis, tracking certification compliance, processing access card requests, and review of information system configurations at appropriate classification levels. Coordinates with all departments within the Marine Corps Community Services (MCCS) and higher Marine Corps to support cybersecurity awareness initiatives. May conduct and coordinate training of personnel within pertinent cybersecurity subject domain as appropriate. May be responsible for raising security awareness and facilitating improved security.
Requirements
- See Duties and Qualifications
Qualifications
Bachelors' Degree in Information Technology or Business related field appropriate to the work of position AND three years of experience performing specific tasks for Information System Security Officer (ISSO), audit log analysis, vulnerability management, or cybersecurity (CY): OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above, OR appropriate experience that demonstrates the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above.Knowledge of risk management processes, secure configuration management techniques, Government laws and policies, cyber threats and vulnerabilities, encryption algorithms, host/network access control mechanisms, vulnerability information dissemination sources, Payment Card Industry (PCI) data security standards, Personally Identifiable Information (PII) data security standards, network authentication identity and access management, intrusion detection methodologies and techniques for detecting host and network-based intrusions, and organization's risk tolerance and/or risk management approach.Skill in evaluating adequacy of security design, using protocol analyzers, collecting data from a variety of cyber resources, recognizing and categorizing types of vulnerabilities, interpreting vulnerability scanner results to identify vulnerabilities, assessing cloud security measures and microservices, running Security Content Automation Protocol (SCAP) content and Security Technical Implementation Guides (STIGS) based tools for benchmark, conducting trends analysis, and security configuration reviews.Ability to identify systemic security issues based on the analysis of vulnerability and configuration data, apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation), conduct vulnerability scans and recognize vulnerabilities in security systems, and interpret the information collected by network tools.As an authorized and privileged user of Department of Defense Information Systems must fulfill the requirement to complete DoD Workforce Improvement Program certification (DoD 8570.01-M) as a condition of access within six months of employment. This position has been determined as a level 2 ISSO.This position had been determined as Moderate Risk. As a condition of employment, the incumbent must be able to obtain and maintain an Access National Agency Check and Inquiries (ANACI/ Tier 3) Secret Clearance to access classified information.Eligible for incremental telework as determined by MR/MF policy.Measures of Effectiveness: To ensure that all employees are working in a way that aligns with our mission and values, in addition to yearly goals, performance against the following critical elements will be reviewed during the Performance Management Process:All employees: Work Quality, Customer Service, Interpersonal Skills.
Contacts
- Address BUSINESS AND SUPPORT SERVICES
DIVISION
3044 CATLIN AVE
QUANTICO, VA 22134-5003
USA
- Name: BUSINESS AND SUPPORT SERVICES
- Phone: 703/432-0435
- Email: [email protected]
Map