The Facility Security Officer (FSO) / Information System Security Manager (ISSM) is responsible for ensuring organizational compliance with 32 CFR Part 117 - National Industrial Security Program Operating Manual (NISPOM) and plays a critical role in collaboration with system administrators and other key stakeholders to ensure a secure computing environment. The FSO/ISSM reports to the Director, OD & Compliance.
Responsibilities:
Serve as the primary point of contact for DCSA reviews and correspondence; establish a working relationship with DCSA and other government security personnel
Liaise with Board of Directors and Government Security Committee on FOCI mitigation and SSA and NISPOM compliance
Serve as the Insider Threat Program Senior Official (ITPSO), conduct quarterly Insider Threat Meeting and lead the Insider Threat Working Group (ITWG)
Plan and implement all processes, reports, and communications necessary to maintain compliance with the Special Security Agreement (SSA) and DMS Foreign Ownership Control and Influence (FOCI) mitigation strategies
Work with other team members to review, update and establish various policies and processes that are required by the NISPOM, DCSA DAAPM, System Security Plans (SSPs), NIST Security Controls and CMMC (SSA, TCP, ECP, etc)
Author and maintain documentation supporting the Assessment & Authorization (A&A) of assigned systems in accordance with the Risk Management Framework (RMF) and perform security control assessments as part of the Continuous Monitoring Plan
Review program material for proper classification and control, inventory and secure the material in accordance with protocols for the programs and to ensure regulatory compliance
Investigate security incidents such as data spills, data integrity, malicious events and insider threat
Provide prime/subcontractor security support and direction including the review, development and maintenance of DD254's and security guidance
Manage personnel security clearance processes to include coordinating initial clearance submissions and periodic reinvestigations of staff as well as maintenance of all facility, systems and personnel information in government systems (DISS/NISS/eMASS/SPRS etc)
Participate in the development and execution of facility and cyber security education programs including new employee security briefings, exit interviews and debriefings as required
Advise personnel of their reporting requirements, both personal/administrative and compliance/incident-related reports
Perform access control responsibilities including managing badges, access logs and visit requests as required
Work Activities:
Making Decisions and Solving Problems — Analyzing information and evaluating results to choose the best solution and solve problems.
Monitoring Processes, Materials, or Surroundings — Monitoring and reviewing information from materials, events, or the environment, to detect or assess problems.
Evaluating Information to Determine Compliance with Standards — Using relevant information and individual judgment to determine whether events or processes comply with laws, regulations, or standards.
Performing Administrative Activities — Performing day-to-day administrative tasks such as maintaining information files and processing paperwork.
Skills:
Critical Thinking — Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions, or approaches to problems.
Judgment and Decision Making — Considering the relative costs and benefits of potential actions to choose the most appropriate one.
Systems Analysis — Determining how a system should work and how changes in conditions, operations, and the environment will affect outcomes.
Persuasion — Persuading others to change their minds or behavior.
Working Style:
Integrity — Job requires being honest and ethical.
Dependability — Job requires being reliable, responsible, and dependable, and fulfilling obligations.
Initiative — Job requires a willingness to take on responsibilities and challenges.
Adaptability/Flexibility — Job requires being open to change (positive or negative) and to considerable variety in the workplace.
Independence — Job requires developing one's own ways of doing things, guiding oneself with little or no supervision, and depending on oneself to get things done.
Required Experience & Education:
5+ years experience as FSO / ISSM in a FOCI mitigated company
FSO Certification required
ISP Certification a plus
Working knowledge of RMF, CMMC, NIST and other information/cyber security frameworks required
Relevant certifications in IAM Level I required
Additional cyber security certifications a plus (CAP, CISM, CISSP, etc.)
This position requires an active security clearance and the ability to work in the United States without sponsorship.
Equal Opportunity Employer, including disability/protected veterans
