Information Systems Security Officer (ISSO) (m/f)
Cubic Corporation is the parent company of three major businesses, Cubic Transportation Systems (CTS), Cubic Global Defense (CGD), and Cubic Mission Solutions (CMS). CTS is a leading integrator of payment and information technology and services for intelligent travel solutions worldwide. CGD is a leading provider of realistic combat training systems, secure communications and networking and highly specialized support services for military and security forces of the U.S. and allied nations. CMS provides networked Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) capabilities for defense, intelligence, security, and commercial missions. All three of our businesses provide innovative technology and an integrated approach to systems and services for government and commercial customers around the globe. This integration ensures our customers receive streamlined operations and strategy, cost-efficiency and speed to market.
The Information Systems Security Officer (ISSO) works with System Administrators (SA), Command Information System Security Manager (ISSM), other Information System Security Officers (ISSOs), multiple Branch Heads, multiple Program Managers (PMs) and a project strategist in support of the completion of a mixture of Certification and Accreditation (C&A) boundaries consolidated into overarching master boundaries in support of information assurance policy and regulations. In addition to C&A package development, the individual will be responsible for the day to day operations as an ISSO.
Duties and Responsibilities
- Develop and maintain an organizational or system-level cyber security program that includes cyber security architecture, requirements, objectives and policies, cyber security personnel, and cyber security processes and procedures.
- Provide support to the System Owner and the ISSM for maintaining the appropriate operational IA posture for a system, program, or enclave.
- Provide support to the customer on all matters involving the security of their information systems.
- Assist with the management of all security aspects of the information system and, as assigned, perform day-to-day security operations of the system.
- Assist in the development of the system security policy and ensures compliance with that policy on a routine basis.
- Prepare, validate, and maintain security documentation including, but not limited to:
  - System Security Plan (SSP)
  - Risk Assessment (RA)
  - Contingency Plan (CP)
  - Privacy Impact Assessment (PIA)
  - Authentication Assessment
  - FIPS categorization
- Provide configuration management for security-relevant information system software, hardware, and firmware, controlling changes to the system and assessing the security impact of those changes.
- Identify and mitigate security business and system risks.
- Identify and manage POA&Ms through remediation as well as develop corrective action plans for each POA&M.
- Maintain a repository for all organizational or system-level cyber security-related documentation such as DIACAP/RMF processes within eMASS or other automated process.
- Maintain Defense Information Technology Portfolio Registry (DITPR) for client systems and software.
- Ensure implementation of Information System (IS) security measures and procedures, including reporting incidents to the Command Information System Security Manager (ISSM) and appropriate reporting chains, as well as coordinating system-level responses to unauthorized disclosures in accordance with DoDM 5200.01 Vol. 3 for classified information or DoDM 5200.01 Vol. 4 for CUI, respectively.
- Implement and enforce all DoD IS and Platform Information Technology (PIT) system cyber security policies and procedures, as defined by cyber security-related documentation.
- Ensure that all users have the requisite security clearances and access authorization, and are aware of their cyber security responsibilities for DoD IS and PIT systems under their purview before being granted access to those systems.
- In coordination with the ISSM, initiate protective or corrective measures when a cyber security incident or vulnerability is discovered.
- Establish a process for authorized users to report all cyber security-related events and potential threats and vulnerabilities to the ISSO.
- Ensure that all DoD IS cyber security-related documentation is current and accessible to properly authorized individuals.
- Ensure proper Configuration Management procedures are followed prior to implementation, contingent upon the necessary approval from the ISSM.
- Initiate requests for temporary and permanent exceptions, deviations, or waivers to IA requirements, such as Plan of Action and Milestones (POA&Ms).
- Ensure IA and IA-enabled software, hardware and firmware comply with the appropriate security configuration guides.
- Provide status updates of assigned duties to the appropriate agency heads as defined in their respective Service Level Agreement (SLA).
- Respond to all applicable data calls, CTOs, FRAGOs, IAVAs, etc. within the requested timeframe.
- Attend all Cyber security Workforce Meetings when requested.
Required Education and Experiences:
- (BA) Bachelor’s Degree plus 3 years of recent specialized experience
- OR an (AA) Associate’s Degree plus 7 years of recent specialized experience
- OR a major certification plus 7 years of recent specialized experience
- OR 11 years of recent specialized experience.
- Baseline DoDI 8570 IA certifications are required: a current CompTIA Security+ or higher certification.
- A higher-level certification, such as GSLC, CAP, CASP, CISM or CISSP, is also appropriate.
Desired Skills and Qualifications:
- A working knowledge of RMF and the security authorization processes and procedures.
- Knowledge of NIST Special Publications and their counterparts, especially SP800-37, SP800-53, ICD 503, and CNSS 1253.
- Ability to communicate clearly and present information to the customer in a format they can understand.
- Experience in several of the following areas: knowledge of current security tools, hardware and software security implementation; different communication protocols; and encryption techniques/tools.
- Familiarity with commercial security products, security authorization techniques, security incident management, and PKI and authorization services.
- Must be able to prioritize tasks, deliver solutions on time and be a team player with the ability to work independently and proactively while remaining flexible and balancing competing priorities, often under time constraints.
- Have strong analysis, oral and written communication, and change management skills with ability to plan, organize, prioritize, track, manage, and learn new skills.
- It is preferred that a candidate have at least one year of experience under the DoD Information Assurance Certification and Accreditation Process (DIACAP) and/or Risk Management Framework (RMF) accreditation process and has a familiarity with Enterprise Mission Assurance Support Service (eMASS).
- Technical familiarity with Windows 7 Enterprise/Windows 10 Professional, Windows Server 2012, and Red Hat Linux is also preferred.
- Experience with providing IA or IT support to a US Army client desirable, but not required.
- Proficiency with using the Internet and with Microsoft Office products, including e-mail, Word, Excel, Access and Project, is required.
- Completion of the required certifications within six (6) months of hire date.