Information System Security Officer chez BASESOLU

Job Description

• Assists the Information System Security Managers (ISSM) in executing their duties and responsibilities. 
• Ensures relevant Cybersecurity (CS) policy and procedural documentation is current and accessible to properly authorized individuals.
• Coordinate cybersecurity processes and activities for assigned systems.
• Maintain and report Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers, Information System Owners, and ISSMs.
• Provide oversight of Security Plans for assigned systems throughout their lifecycle.
• Manage and maintain Plan of Actions and Milestones (POA&M), ensuring vulnerabilities are properly tracked, mitigated, and where possible, remediated.
• Assist with the identification of security control baselines and applicable overlays.
• Perform Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews.
• Adjudicate findings from Package Submitting Officer (PSO).
• Register and maintain systems in Enterprise Mission Assurance Support Service (eMASS).
• Plan and coordinate security control testing during Risk Assessments and Annual Security Reviews.
• Ensure the execution of Continuous Monitoring related requirements as defined in the System Level Continuous Monitoring (SLCM) Strategy.
• Review all data produced by Continuous Monitoring activities, update the eMASS record as necessary, and escalate to leadership for action, if required.
• Correlate findings from non-RMF vulnerability assessments (e.g., Development Test (DT)/Operational Test (OT), penetration testing, Command Cyber Operational Readiness Inspection (CCORI), etc.) to RMF controls for tracking, ensuring a holistic risk assessment.
• Participate in change control and configuration management processes.
• Maintain vulnerability data in Vulnerability Remediation Asset Manager (VRAM).

Qualifications

• Bachelor’s degree in computer science, information technology, communications systems management, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university
• Six (6) years of experience coordinating and enacting required security changes, with in various levels of an organization, ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and support cyber incident response by isolating potentially effected assets, initial investigation and data collection