Information Systems Security Officer (SCAR)

Overview: Responsibilities:

• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
• Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at software application, system, and network levels.
• Verify application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Assess the effectiveness of security controls.
• Develop methods to monitor and measure risk, compliance, and assurance efforts.
• Draft statements of preliminary or residual security risks for system operation.
• Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Maintain information systems assurance and accreditation materials.
• Support site assistance visits (SAV)s as requested by the Security Control Assessor (SCA).

Qualifications:

• Active Top Secret with SAP eligibility
• Bachelor's degree in related discipline (or 4 additional years of relevant experience in lieu of degree)
• 10-12 years of relevant experience
• DoD 8570 IAM III level certification (g., CISSP, CISM, GSLC, or CCISO) or
  • DoD 8140 Advanced ISSM (g., CISM, CISSO, FITSP-M, GCIA, GCSA, GCIH, GSLC, GICSP, CISSP-ISSMP, CISSP) or
  • DoD 8140 Advanced SCA (g., CISM, CISSO, CPTE, CySA+, FITSP-A, GCSA , CISA or CISSP, CISSP-ISSEP, GSLC, GSNA)
• Expert knowledge of:
  • Navy FLTCYBERCOM Authorization processes
  • GRC Experience (eMASS\Xacta)
  • Risk Management Framework requirements
  • Cybersecurity (CS) principles and organizational requirements relevant to confidentiality, integrity, availability, authentication, and non-repudiation
  • Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • Network security architecture concepts including topology, protocols, components, and principles.
  • Security Assessment and Authorization process
  • Cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities.
  • Penetration testing principles, tools, and techniques.
  • Relevant laws, policies, procedures, or governance related to critical infrastructure.
• Skilled in:
  • Discerning protection needs (i.e., security controls) of information systems and networks.
  • Determining how a security system should work and how changes in conditions, operations, or the environment will affect outcomes.

Pay Transparency Statement: AMERICAN SYSTEMS is committed to pay transparency for our applicants and employee-owners. The salary range for this position is USD $155,700.00/Yr. - USD $260,000.00/Yr. Actual compensation will be determined based on several factors permitted by law. AMERICAN SYSTEMS provides for the welfare of its employees and their dependents through a comprehensive benefits program by offering healthcare benefits, paid leave, retirement plans, insurance programs, and education and training assistance. EEO Statement: EEO Race/Sex/Disability Status/Veteran Status