This position will be responsible for the development and administration of information systems security procedures, compliance, auditing, security plan development, perform self-inspections, and certify systems in accordance with the ICD 503 and NIST SP 800-53. Upon hire, the successful candidate must be willing to go through the process of obtaining a CI Poly and perform the essential duties below.
- Enforce IA policy, guidance, and training requirements per AR 25-2 and identified BBPs.
- Ensure implementation of IAVM dissemination, reporting, and compliance procedures.
- Ensure all users meet the requisite favorable security investigations, clearances, authorization, need-to-know, and security responsibilities before granting access to the IS.
- Ensure users receive initial and annual IA awareness training.
- Ensure log files and audits are maintained and reviewed for all systems and that authentication (for example, password) policies are audited for compliance.
- Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
- Review and evaluate the effects on security of system changes, including interfaces with other ISs and document all changes.
- Ensure that all ISs within their area of responsibility are certified, accredited and reaccredited.
- Maintain and document CM for IS software (including IS warning banners) and hardware.
- Pre-deployment or operational ISSOs will ensure system recovery processes are monitored and that security features and procedures are properly restored.
- Pre-deployment or operational ISSOs will maintain current software licenses and ensure. security related documentation is current and accessible to properly authorized individuals.