207 Business Park Dr., Ste. 100

VA Beach, VA 23462

Information System Security Officer 

Employee Type: Full-Time

Location: Washington, DC
Job Type: ISSO
Experience: 2+ Years
Clearance Type: Secret 

AERMOR is seeking the support to serve as Navy Band Information System Security Officer (ISSO) for standalone systems and websites; including all standalone cloud-based systems.  

Responsibilities Include: 

  • Perform tasks required by the Navy’s Risk Management Framework for the role required by an Information System Security Officer (ISSO) for all Navy Band standalone, non-enterprise or cloud-based systems. 
  • Maintains USNB systems’ assessment & authorization (A&A) documentation & document statuses for preserving USNB assets’ Authority to Operate (ATO).
  • Perform annual security reviews of USNB systems under RMF authorization, to ensure validation of  USNB systems’ security controls during Continuous Monitoring testing
  • Manage USNB systems’ POA&Ms to ensure systems and process vulnerabilities are properly tracked, mitigated, and/or resolved
  • Provides assistance with identification of the USNB systems’ security control baselines, and any applicable overlays
  • Implements USNB systems’ updates, as required within Enterprise Mission Assurance Support Service (eMASS)
  • Support and advise command information officer (CIO) or ISSM on matters relating to security vulnerabilities, threats, and assessment of new requirements for all Navy Band systems.
  • Supports the ISSM and CIO with the DON Cyber Scorecard reporting requirements.
  • Represent the Navy Band systems as ISSO to Fleet Cyber Command and other organizations to obtain or maintain Authority to Operate (ATO).
  • Support ISSM in updating existing waivers, as required as part of the RMF process for system(s) accreditation (including, but not limited to, HBSS, PKI, and DODIN waivers).
  • Support transition of any existing DIACAP accredited Navy Band systems to the new Risk Management Framework (RMF) accreditation process.
  • Support the ISSM and CIO in completing the DOD Cyber Scorecard.
  • Provide input to and advise command Cyber Configuration Board; ensuring all changes meet cybersecurity guidelines.
  • Develop and document a Vulnerability Remediation and Management (VRAM) program for Navy Band Washington and Fleet Band Activities; to include machine scanning, remediation, tracking, documentation, and scan upload processes for the Department of Navy’s VRAM program.
  • Serve as Vulnerability Remediation and Management (VRAM) System Administrator for Navy Band Washington and Fleet Band Activities systems.
  • Ensure cybersecurity scans are performed, as required by Fleet Cyber Command, on all Navy Band standalone systems and are uploaded into the VRAM database per Fleet Cyber Command/10th Fleet requirements.
  • Regularly monitor the VRAM database for system vulnerability alerts and task orders and execute required actions per directive.  Notify all stakeholders of actions required to meeting directive. 
  • Install, operate, and maintain cybersecurity scanning tools and testing machines; including ACAS, Nessus, Security Center, SCAP, and DISA STIGs. 
  •  Perform risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, configuration deficiencies, and protection needs for Navy Band standalone systems, per DISA STIG, VRAM, Computer Task Orders, Information Assurance Vulnerability Alert/Bulletins (IAVA/IAVB’s).
  • Communicate with ISSM, other system ISSOs, Cyber Configuration Manager (CCM), Information System Security Engineer (ISSE), Validator, Fleet Band Activities, CIO, and other organizational staff regarding the status of system vulnerabilities and remediation requirements.
  • Oversee the implementation of security controls, patching, and manual configurations; perform ongoing tasks required to prevent, detect, analyze, and respond to security incidents.
  • Update, create and maintain system security plan, disaster recovery plan, Incident Response Plan, and other SOP’s, or other Navy Band directives required per DON / DIACAP / RMF guidelines.
  • Enter data into the Enterprise Mission Assurance Support Service (EMASS) in support of DIACAP and RMF package processing as ISSO.
  • Create and maintain ATO and Vulnerability Plan of Action & Milestones (POA&Ms) other documentation required in EMASS, VRAM to obtain and maintain Assessment & Authorization of Navy Band Echelon II standalone and cloud-based systems.
  • Provide input for FISMA, CyberScope, and other DON data repositories; responding to regular requests for data, as required.
  • Participate in regular Fleet Cyber Command EII Cyber Sync and other meetings concerning cybersecurity, VRAM, and other training, meetings, and working groups, as required by ISSM and CIO.

Required Skills and Experience: 

  • Meet the training and certification requirements for Information Assurance Management Level II as defined in the Information Assurance Workforce Improvement Program (DoD 8570.01-M) and current training standards in place at the time of task execution.
  • Maintain minimum CompTIA Security+CE and other IAM level II qualifications, as required, by DON and Navy Band Cyber Security Work Force directives.
  • Requires a minimum of 2 years Navy specific ISSO and Navy RMF experience.

Apply Now

For more information contact: careers@aermor.com