Information Systems Security Officer (ISSO), Mid (MCSES III)

AMERICAN SYSTEMS is an employee-owned federal government contractor supporting national priority programs through our strategic solutions in the areas of Information Technology, Test & Evaluation, Program Mission Support, Engineering & Analysis, and Training.

Responsibilities:

• Maintain the appropriate operational security posture for assigned Information Systems (IS)and networks in accordance with cybersecurity policies, directives, and Information Assurance (IA) Standard Operating Procedures (SOP).
• Ensure the Confidentiality, Integrity, and Accessibility of all IS resources, organic to the supported organization, maintain a high level of operational availability.
• Serve as the principle technical advisor to the Information Systems Security Managers (ISSM), Program Security Officers (PSO), and Delegated Authorizing Officials (DAO).
• Perform functional duties, as the alternate ISSM, to maximize operational readiness and effectiveness.
• Provide expertise, to maintain the Authority to Operate (ATO) and Authorization to Connect (ATC) for assigned IS, ensuring Risk Management Framework (RMF) compliance.
• Provide support to Program Management Offices (PMOs), by conducting site surveys and providing technical information, to develop RMF artifacts to support ATO/ATC and to facilitate IS deployments and successful integration.
• Perform IS lifecycle management to facilitate requirements engineering, procurement, integration, operational sustainment, and destruction.
• Provide the organization, subject matter expertise to prepare for cybersecurity, physical and personnel security assessments from senior management .  
• Perform cybersecurity assessments for IS, within your area of responsibility, on a regular and consistent basis to identify potential vulnerabilities, evaluate the effectiveness of existing security controls, and ensure compliance with relevant policies and regulations.
• Develop supporting documentation, such as Plan of Action and Milestones (POA&M) and inspection reports, to coordinate events, capture discrepancies, and document remediation strategy for supported organizations.
• Develop and integrate policy and procedures to reinforce Access Controls (AC) for identified vulnerabilities.
• Participate in professional engagements with supporting and supported organizations, for successful collaboration, and to ensure assigned projects deliver desired results.
• Develop and maintain IS documentation to capture changes to the system, its operating environment, and to advice the Configuration Control Board (CCB) on ATO/ATC conflicts.
• Conduct cybersecurity audits and maintain audit record management, ensuring audit records are collected, reviewed, documented, and archived.
• Complete necessary, initial/annual, training to establish and maintain access to supported systems and networks.

Qualifications:

• 5 years of information systems management and cybersecurity experience.
• Active TS clearance with SCI eligibility.
• Proficient in firewall administration, intrusion detection systems, anti-virus software, and data encryption
• In-depth knowledge of information security principles and practices, including NIST SP 800-53 controls, DoD Risk Management Framework (RMF), and DoD Instruction 8510.01.
• Experience with cybersecurity RMF compliance and regulatory requirements.
• Strong analytical, problem-solving, and decision-making skills.
• Strong communication skills, adept at briefing executives and program IPT level leadership.
• Self-starter, strong work ethic, and willingness to be a contributing IPT member.

Certifications:

• Must possess an active DoD 8140/8570.01-M baseline certification at IAM Level II or higher (e.g., SecurityX CE, CySA+, CISSP, or CISM).
• Candidates without IAM Level II on day one may be considered if they currently meet IAT Level II and can obtain an IAM Level II certification within an agreed-upon timeframe.