Senior Information Systems Security Officer (SME)

Position: Information Systems Security Officer SME (Information Systems Security Officer – SME)

Location: Fairfax, VA (situational telework eligible)

Clearance: TS/SCI Eligible / SAP Eligible

Education: MA/MS (or BA/BS plus an additional 4 years of related work experience)

The successful candidate is expected to accomplish the following outcomes in the first year on the position:

1. Formally track all tasks, including: assigned by, suspense, status, and comments on all assigned tasks through completion; be prepared to brief upon request.
2. Develop digital continuity folders and files that include standard operating procedures, workflows, and POC lists to accomplish all tasks.
3. Create 2-3 products beyond the client’s requirements that positively impact the client to either increase efficiency, effectiveness, or innovation.
4. Master position tasks within 60 days and exceed requirements within 90 days.

The ISSO SME provides onsite ISSO expert support to the ISSMs supporting the Mission Architecture Innovation Directorate (CDMM). This directorate designs, configures, accredits, and implements mission and R&D information management systems, cloud solutions, network communications, database management, security accreditation, and workflow management.

Specific tasks include but are not limited to:

• Manage the Risk Management Framework (RMF) process.
• Work the system authorization process.
• Provide Cyber Incident Handling.
• Provide Life Cycle Management (e.g., Engineering Change and Configuration Management).
• Lead and advise on Vulnerability Management, Malware Protection, and Security Assessments, Evaluations, and Reviews.
• Provide continuous monitoring.
• Work the Department of Defense Information Network (DODIN) Connection Approval Process.
• Lead coordination with the Cybersecurity Service Provider (CSSP).
• Collaborate with CDMM ISSM and internal divisions to manage innovation proposals and projects quarterly, supporting efficiency and innovation.
• Pursue increased mission capability, enhance customer experience, and improve enterprise coordination.
• Provide cost/benefit analysis for proposals requiring external resources.
• Conduct and document cybersecurity assessments, security impact analysis, and system authorization of CDMM Information Systems.
• Organize documentation of artifacts in the appropriate repository per CDMM guidance.

The candidate must have:

• Minimum of 15 years of work-related experience supporting cybersecurity processes and system security evaluation.
• At least 10 years supporting a DoD Component.
• Minimum 3 years as a staff officer (e.g., DoD, Service, CCMD, Joint).
• Experience supporting technical security of military systems, including coalition operations, multi-level security solutions, or bilateral military sharing.
• Experience with at least two of the following: RMF, Systems Authorization, Cyber Incident Handling, System Life Cycle Management, Vulnerability Management, Malware Protection, Security Assessments.
• Familiar with NIPRNET, SIPRNET, JWICS, Defense Messaging System, and SAP networks.
• Knowledge of DoD Directive 8140 compliance.
• Excellent MS Office skills.
• Strong organizational, writing, and presentation skills.
• Analytical with excellent communication skills, able to work independently and in teams.
• Personnel must be IAT Level II certified per DoD 8570.01-M.
• IAM Level III certification (CAP, CASP+CE, CISM, CISSP, GSLC, or CCISO) mandatory; CEH desirable.

Desired qualifications include experience with evaluations/reviews, continuous monitoring, DODIN connection approval, and CSSP.

Travel: Occasional local travel required.

Other Requirements: