Information Security Officer (ISSO) III
- Job Title: Information Security Officer (ISSO) III
- Job ID: 27765662
- Location: Philadelphia, PA
Information Systems Security Officer (ISSO) III
Philadelphia, PA
Active or Interim Secret Clearance Required
@Orchard is supporting a growing Federal contract with proven capabilities in cybersecurity. We are seeking a skilled ISSO to be proposed as a bid-as-key for a new project supporting the Navy. This role will be based out of Philadelphia, PA and will be responsible for managing all aspects of the IA process. If awarded, this could be a fantastic opportunity to grow your career with a company that has built strong relationships within Defense and Intelligence.
As the Information Systems Security Officer you will:
- Assist Information System Security Managers (ISSMs) in executing duties and responsibilities.
- Ensure compliance with all NAVSEA, DON, and DoD cybersecurity policies.
- Ensure relevant Cybersecurity (CS) policy and procedural documentation is current and accessible to properly authorized individuals.
- Coordinate cybersecurity processes and activities for assigned systems.
- Maintain and report Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers, Information System Owners, and ISSMs.
- Provide oversight of Security Plans for assigned systems throughout lifecycle.
- Manage and maintain Plan of Actions and Milestones (POA&M), ensuring vulnerabilities are properly tracked, mitigated, and remediated where possible.
- Assist with identification of security control baselines and applicable overlays.
- Coordinate validation of security controls with Navy Qualified Validators (NQVs).
- Perform Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews.
- Adjudicate findings from Package Submitting Officer (PSO).
- Register and maintain systems in Enterprise Mission Assurance Support Service (eMASS).
- Plan and coordinate security control testing during Risk Assessments and Annual Security Reviews.
- Report changes in system security posture to ISSM.
- Ensure execution of Continuous Monitoring-related requirements as defined in System Level Continuous Monitoring (SLCM) Strategy.
- Review all data produced by Continuous Monitoring activities, update eMASS record as necessary, and escalate to leadership for action if required.
- Correlate findings from non-RMF vulnerability assessments (e.g., Development Test (DT)/Operational Test (OT), penetration testing, Command Cyber Operational Readiness Inspection (CCORI), etc.) to RMF controls for tracking to ensure holistic risk assessment.
- Participate in change control and configuration management processes.
- Maintain vulnerability data in Vulnerability Remediation Asset Manager (VRAM).
Qualifications:
- Target Education: Bachelor’s degree in computer science, IT, communications systems management, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university.
- Target Experience: Six (6) years of experience coordinating and enacting required security changes, within various levels of an organization, ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and supporting cyber incident response by isolating potentially affected assets, initial investigation and data collection, through status updates/reporting.
- Minimum Certs: IAM-II, CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, HCISPP
- Must be U.S. citizen and hold active or interim Secret clearance.