Description
SAIC is seeking an individual with both Cyber and ISSO experience to support an Air Force program out of Randolph AFB in San Antonio, TX. (This is an onsite position).
We are seeking an experienced Information System Security Officer (ISSO) with expertise in Department of Defense (DOD) compliance standards and a strong familiarity with Authority to Operate (ATO) workflows. In this role, you will be responsible for ensuring the security and compliance of our information systems, particularly those within DOD environments.
Key Responsibilities:
DOD Compliance: Lead efforts to ensure that our information systems and processes comply with Department of Defense (DOD) cybersecurity and information assurance standards, including NIST SP 800-53, DOD RMF, and other relevant guidelines.
ATO Workflow: Manage the Authority to Operate (ATO) process, collaborating with relevant stakeholders to ensure timely and successful ATO approvals. This includes preparing and submitting documentation, conducting security assessments, and liaising with the DOD's Authorizing Official (AO).
Security Assessments: Perform security assessments, vulnerability assessments, and penetration tests on information systems to identify and mitigate security risks. Provide remediation guidance to address vulnerabilities and weaknesses.
Security Documentation: Develop, update, and maintain security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&M), and other relevant documents required for ATO.
Security Awareness: Promote a culture of cybersecurity awareness by educating staff and stakeholders about security policies and best practices. Ensure that security training and awareness programs are in place.
Incident Response: Assist in the development and implementation of an incident response plan, and participate in incident response activities as necessary.
Continuous Monitoring: Implement and maintain continuous monitoring processes to detect and respond to security threats and vulnerabilities promptly.
Collaboration: Collaborate with cross-functional teams, including IT, engineering, and compliance teams to ensure security requirements are integrated into system designs and processes.
Qualifications
Bachelor's degree and five (5) years of experience; or relevant years of experience in lieu of degree.
Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification preferred. IAT III certification required.
Minimum of 3 years of experience as an ISSO or in a similar role.
In-depth knowledge of DOD compliance standards, including NIST, RMF, and DODI 8500.01.
Proven experience in managing ATO processes and achieving ATO approvals.
Familiarity with security assessment tools such as eMASS, SCAP, STIGs, and Trellix.
Strong analytical and problem-solving skills.
Excellent written and verbal communication skills.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.