Information Systems Security Officer (ISSO)

Requirements

• Provide new, or maintain, the Authority to Operate (ATO) in accordance with the Space Authorizing Official memo
• Review and analyze cybersecurity control compliance status to meet both ATO
• Maintain ATO packages consistent with DoDI 8510.01 and all added guidance from the ISSM and AO
• Draft POA&Ms for non-compliant Cybersecurity controls
• Develop and manage System Security Plans (SSPs)
• Provide technical input for updates and mitigations to POA&M items for ATO packages
• Manage the security of classified and unclassified DoD information, Critical Program Information (CPI), and Controlled Unclassified Information (CUI) in Reference Libraries per assigned DoD Impact Levels
• Meet all RMF cybersecurity requirements on new and existing software platforms managed by the RM IT Support contract
• Perform risk assessments and vulnerability mitigations
• Provide Cybersecurity recommendations
• Manage future Cybersecurity architecture, roadmaps, cyber risk posture and cyber hygiene
• Perform Cybersecurity Program Assessment
• Assess RM IT Support system design requirements, topologies, and non-compliant cyber controls
• Support the Cybersecurity program for all information systems identified in the RM IT Support Authorization Boundaries
• Develop AAR IT Support Incident Response Plan
• Participate in incident response exercises, deliver incident responses, and coordinate root cause assessment and recommend solutions, mitigations, alternatives, or corrective actions to the Government ISSM and CISO
• Develop and perform test conductor activities to test delivered system changes and validate cybersecurity compliance
• Perform credentialed Cybersecurity scans, vulnerability and compliance scans, for operational systems assigned to AAR IT Support as requested by Government
• Support Cybersecurity audit activities as requested by the Government
• Develop and conduct annual systems specific Cybersecurity training for AAR IT Support team members