GENERAL JOB SUMMARY:
Responsible for the development and administration of information systems security procedures, compliance, auditing, and security plan development; performs self-inspections and certifies systems in accordance with ICD 503 and NIST SP 800-53. Upon hire, the successful candidate must be willing to go through the process of obtaining a CI Poly.
ESSENTIAL JOB FUNCTIONS:
- Enforce IA policy, guidance, and training requirements per AR 25-2 and identified BBPs.
- Ensure implementation of IAVM dissemination, reporting, and compliance procedures.
- Ensure all users meet the requisite favorable security investigations, clearances, authorization, need-to-know, and security responsibilities before granting access to the IS.
- Ensure users receive initial and annual IA awareness training.
- Ensure log files and audits are maintained and reviewed for all systems and that authentication (for example, password) policies are audited for compliance.
- Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
- Review and evaluate the effects on security of system changes, including interfaces with other ISs, and document all changes.
- Ensure that all ISs within their area of responsibility are certified, accredited and reaccredited.
- Maintain and document CM for IS software (including IS warning banners) and hardware.
- Pre-deployment or operational ISSOs will ensure system recovery processes are monitored and that security features and procedures are properly restored.
- Pre-deployment or operational ISSOs will maintain current software licenses and ensure security-related documentation is current and accessible to properly authorized individuals.
- Tenant ISSOs will support and assist tenant IAMs (or the installation IAM if no tenant IAM exists).
- Report security violations and incidents to the servicing RCERT in accordance with Section VIII, Incident and Intrusion Reporting.