Facility Security Officer (FSO) / Information Systems Security Manager (ISSM)
Based in Research Triangle Park, North Carolina, the FSO / ISSM will interface with the Defense Counterintelligence and Security Agency (DCSA) on all matters outlined by 32 CFR Part 117 – the National Industrial Security Program Operating Manual (NISPOM).
Primary Responsibilities
- Serve as the primary point of contact for DCSA reviews and correspondence; establish a working relationship with DCSA and other government security personnel.
- Work with the Security Manager to review, update, and establish policies and procedures related to the NISP.
- Author and maintain documentation supporting the Assessment & Authorization (A&A) of assigned systems in accordance with the Risk Management Framework (RMF).
- Perform security control assessments as part of the Continuous Monitoring Plan.
- Oversee configuration management of assigned systems and validate audits to ensure security posture integrity.
- Conduct hardware and software inventory assessments.
- Identify system security control shortcomings and serve as Point of Contact (PoC) for remediating technical and physical deficiencies.
- Investigate security incidents such as data spills, data integrity issues, malicious events, and insider threats.
- This position requires some overnight travel.
- Maintain facility clearance activities.
- Review and maintain DD-254s.
- Fulfill requirements set forth in 32 CFR Part 117.
Basic Qualifications
- Bachelor’s degree and at least 3 years of relevant experience, or equivalent related work experience.
- Must possess a U.S. Department of Defense (DoD) Secret security clearance with the ability to obtain Top Secret clearance.
- Must complete the following certifications within 6 months of hire or possess them already:
  - FSO Program Management for Possessing Facilities Curriculum (IS030.CU)
  - ISSM Required Online Training DAAPM - 2.6 Program Risk Management Framework (CS100.CU)
  - Introduction to the Risk Management Framework (CS124.16)
  - Introduction to Industrial Security (IS011.16)
  - Introduction to Information Security (IF011.16)
  - Introduction to Personnel Security (PS113.16)
  - Introduction to Physical Security (PY011.16)
Preferred Qualifications
- Technical knowledge to assist in rulings, approvals, interpretations, and deviations from regulations for IS compliance with various government agencies and regulations (RMF, STIGs, NIST publications) across multiple Operating Systems and components.
- Experience ensuring compliance with RMF policies for accredited and new Information Systems.
- Ability to evaluate security risks through Continuous Monitoring.
- Maintaining and documenting configuration management (CM) systems for hardware, software, and firmware.
- Performing antivirus updates, system patching, and security self-reviews.
- Familiarity with eMASS, DISS, and NBIS applications.
- Strong written, verbal, listening, and presentation skills.