This position is responsible for the development and administration of information systems security procedures, compliance, auditing, security plan development, perform self-inspections, certify systems in accordance with the ICD 503 and NIST SP 800-53. Upon hire, the successful candidate must be willing to go through the process of obtaining a CI Poly.
ESSENTIAL JOB FUNCTIONS:
• Enforce IA policy, guidance, and training requirements per AR 25-2 and identified BBPs.
• Ensure implementation of IAVM dissemination, reporting, and compliance procedures.
• Ensure all users meet the requisite favorable security investigations, clearances, authorization, need-to-know, and security responsibilities before granting access to the IS.
• Ensure users receive initial and annual IA awareness training.
• Ensure log files and audits are maintained and reviewed for all systems and that authentication (for example, password) policies are audited for compliance.
• Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
• Review and evaluate the effects on security of system changes, including interfaces with other ISs and document all changes.
• Ensure that all ISs within their area of responsibility are certified, accredited and reaccredited.
• Maintain and document CM for IS software (including IS warning banners) and hardware.
• Pre-deployment or operational ISSOs will ensure system recovery processes are monitored and that security features and procedures are properly restored.
• Pre-deployment or operational ISSOs will maintain current software licenses and ensure security related documentation is current and accessible to properly authorized individuals.
• Tenant ISSOs will support and assist tenant IAMs (or the installation IAM if no tenant IAM exists).
• Report security violations and incidents to the servicing RCERT in accordance with Section VIII, Incident and Intrusion Reporting.