Information System Security Officer

Position Description: The Information System Security Officer (ISSO) III will support Naval Surface Warfare Center Philadelphia Division (NSWCPD) as a contractor through Arlo Solutions, serving as a key cybersecurity professional for NSWCPD Code 104. This key personnel position is responsible for coordinating cybersecurity processes and activities for assigned systems, ensuring compliance with all applicable policies, and managing security controls implementation throughout the Risk Management Framework (RMF) lifecycle.

Location:  Philadelphia, PA

Clearance:  Active Secret

Responsibilities and/or Success Factors:

Cybersecurity Compliance and Policy Implementation

•  Assist the Information System Security Managers (ISSM) in executing their duties and responsibilities
• Ensure compliance with all NAVSEA, DON, and DoD cybersecurity policies 
• Ensure relevant cybersecurity policy and procedural documentation is current and accessible 
• Coordinate cybersecurity processes and activities for assigned systems 
• Report changes in system security posture to the ISSM Security Assessment and Authorization (A&A) Management 
• Maintain and report Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers, Information System Owners, and ISSMs
• Provide oversight of Security Plans for assigned systems throughout their lifecycle 
• Manage and maintain Plan of Actions and Milestones (POA&M), tracking vulnerabilities through remediation 
• Assist with identification of security control baselines and applicable overlays 
• Coordinate the validation of security controls with Navy Qualified Validators (NQV) 
• Perform Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews 
• Adjudicate findings from Package Submitting Officer (PSO) System Security Management
• Register and maintain systems in Enterprise Mission Assurance Support Service (eMASS) 
• Plan and coordinate security control testing during Risk Assessments and Annual Security Reviews 
• Maintain vulnerability data in Vulnerability Remediation Asset Manager (VRAM) 
• Participate in change control and configuration management processes 
• Ensure execution of Continuous Monitoring requirements as defined in system strategies 
• Review all data produced by Continuous Monitoring activities and update eMASS records as necessary 
• Correlate findings from non-RMF vulnerability assessments to RMF controls for holistic risk assessment Cybersecurity Analysis and Reporting 
• Perform analysis of logs, events, and reporting from various data collection tools 
• Assess impacts from observed risks and report via the Cybersecurity Program chain of command 
• Present data to management in a comprehensive and cohesive manner 
• Develop reports and produce procedural documentation as required 
• Evaluate system administrator, security engineer, and/or system owner proposed corrections

Minimum Qualifications Including Certificates:

• Must be a U.S. Citizen 
• Active Secret security clearance 
• Bachelor's degree in computer science, information technology, communications systems management, or equivalent STEM degree from an accredited college or university 
• Minimum 6 years of experience coordinating and implementing security changes, ensuring compliance with published policies, conducting cybersecurity vulnerability and threat analysis, and supporting cyber incident response 
• Current IAM-II certification (CAP, CASP+ CE, CISM, CISSP, GSLC, CCISO, or HCISPP)

Desired Qualifications: 

• Experience with the DoD Information Assessment and Authorization (A&A) process 
• Familiarity with Risk Management Framework (RMF) implementation 
• Proficiency with eMASS, VRAM, and other DoD cybersecurity systems 
• Experience with NIST Special Publications and DoD/Navy cybersecurity directives 
• Experience with vulnerability management tools (ACAS, HBSS, etc.) 
• Knowledge of Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)