Company: OSI VISION LLC

Address: San Antonio, TX
Form of work: Full-Time
Category: Information Technology

Job description

OSI Vision is seeking an Information Assurance (IA) Lead/Information Systems Security Manager (ISSM) who will be responsible for safeguarding the organization’s sensitive information, systems, and networks in support of Air Force Civil Engineer Center (AFCEC) Functional Management Office (FMO) Information Technology (IT) requirements. The position is contingent upon award.

Overview of IA Lead/ISSM Support: The IA Lead/ISSM is responsible for safeguarding the organization’s sensitive information, systems, and networks. The primary responsibility is to develop and implement robust security measures to protect data and assets from potential cyber threats and attacks. The ISSM will work closely with the IT team and other departments to ensure that security protocols are in place and always adhered to, and is responsible for evaluating, monitoring, and maintaining compliance with industry standards and regulatory requirements.

Duties and Responsibilities:

  • Function as the primary Cyber Security representative for ensuring AFCEC systems are assessed, comprehensively tested, and authorized to connect to the network.
  • Prepare Assessment and Authorization (A&A) packages for Government review and validation.
  • Ensure authorization packages meet mandatory requirements for approval by the Authorizing Official (AO).
  • Provide A&A information to the AFCEC Business Systems Management Division (CBS) IA Lead for appropriate tracking.
  • Identify and analyze threats and vulnerabilities to information systems to maintain the appropriate level of protection.
  • Perform risk analysis, testing, and assessments when modification and/or changes occur to applications/systems.
  • Review and provide appropriate approval for all hardware, software, and firmware products that provide security features and/or IA enabling capabilities prior to use on any assessed and authorized information system operating on the network.
  • Hold overall responsibility for data quality in the Information Technology Investment Portfolio Suite (ITIPS) in support of the AF Chief Information Officer (CIO) portfolio management process and quarterly updates to DoD IAW FISMA.
  • Assist the Government in complying with legal and statutory reporting requirements, mandatory Federal Information Security Modernization Act (FISMA) reporting guidance, and Office of Management and Budget (OMB) data calls.
  • Execute computer security plans and enforce mandatory access control techniques to prevent unauthorized persons from using network facilities.
  • Limit access to privileged programs (i.e., operating system, system parameter and configuration files, and databases), utilities, and security-relevant programs/data files to authorized personnel.
  • Evaluate unusual circumstances to recognize and define potential vulnerabilities and select and oversee the installation of physical and technical security barriers to prevent others from improperly obtaining such information.
  • Identify, manage, and verify cybersecurity requirements in the same manner as all other system requirements.
  • Identify the requirements that are security critical and identify and establish corresponding controls for these requirements.
  • Ensure and document bi-directional traceability between security controls and requirements.
  • Identify and implement the applicable cybersecurity controls from Committee on National Security Systems Instruction (CNSSI) Number (No.) 1253 for the system using the Risk Management Framework (RMF) developed by the program.
  • Satisfy all cybersecurity requirements IAW Air Force Instruction (AFI) 63-101, Integrated Life Cycle Management, and DoD Instruction (DoDI) 8510.01, the DoD Program Manager’s Guidebook for Integrating the Cybersecurity RMF.
  • Implement the applicable cybersecurity controls through the systems engineering technical processes including stakeholder requirements definition, requirements analysis, architecture design, implementation, integration, and verification and validation (V&V).
  • Include cybersecurity RMF activities and events on the Integrated Master Schedule (IMS).
  • Update the following documents as needed to meet requirements as defined in AFI 17-101:
      • System Security Plan (SSP).
      • Security Architecture Diagrams.
      • Security Test Plans (STP).
      • Business Impact Analysis (BIA).
      • Continuous Monitoring Plan (CMP).
      • Mission Risk Assessment Briefing (MRAG).
      • Ports, Protocols, and Services (PPS) Matrix.
  • Develop and implement information security policies, procedures, and guidelines to ensure the protection of company data and assets.
  • Conduct regular security assessments and audits to identify vulnerabilities and recommend appropriate solutions.
  • Monitor network and system activities for security breaches and initiate timely responses to incidents.
  • Manage and enforce access controls, authentication, and authorization systems to safeguard sensitive information.
  • Collaborate with IT team to design, implement, and maintain security protocols for networks, systems, and applications.
  • Stay updated with the latest security technologies, trends, and best practices to ensure the continuous enhancement of our security measures.
  • Provide training and guidance to employees on security policies, procedures, and incident response plans.
  • Collaborate with external auditors, regulatory bodies, and stakeholders to ensure compliance with industry standards and regulations.
  • Participate in the development and execution of disaster recovery and business continuity plans.
  • Routinely perform a wide variety of administrative support duties.

Required Qualifications:

  • Minimum of five years of experience as an Information Systems Security Officer (ISSO)/ISSM or experience in a similar (i.e., size, scope, and complexity) technical area.
  • Minimum of five years of experience with managing teams in an environment similar (i.e., size, scope, and complexity).
  • Minimum of five years management and practical experience in conducting Certification and Accreditation (RMF A&A) in a DoD environment.
  • Active SECRET security clearance.
  • Bachelor’s degree in Computer Science, IT, or related field.
  • Project Management Institute (PMI) Project Management Professional (PMP) certification or Program Management Professional (PgMP).
  • Must have an approved IA Manager (IAM) Level II certification, such as a Certified Authorization Professional (CAP), CompTIA Advanced Security Practitioner (CASP) CE, Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or Associate, or Global Information Assurance Certification (GIAC) Security Leadership (GSLC).
  • DoD approved cybersecurity baseline certifications require continuing education units (CEUs) to stay current. All certification holders will adhere to CEU policies set by their respective certification provider(s).
  • In-depth knowledge of information security principles, practices, and technologies.
  • Experience in conducting security assessments, audits, and risk management.
  • Strong understanding of regulatory compliance requirements such as General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), or other relevant standards.
  • Proficiency in implementing and managing security tools and technologies, including firewalls, encryption, and intrusion detection systems.
  • Excellent analytical and problem-solving skills with the ability to make quick, sound decisions under pressure.
  • High level of integrity and a commitment to maintaining the confidentiality of sensitive information.

Desired Qualifications:

  • Minimum of ten years of experience as an ISSO or experience in a similar (i.e., size, scope, and complexity) technical area.


Refer code: 7260019. OSI VISION LLC - The previous day - 2023-12-20 11:33
