The contractor shall assist the OBO ISSO in developing an Information Systems Security Strategy to provide a defense in depth approach to the security architecture of OBO’s on-Prem and in-Cloud IT infrastructure by means of Operation Security and Cyber Security Services.
• assist the OBO ISSO in responding to and remediating classified spillage incidents
• develop and maintain Classified Spillage reporting procedures
• assist managing the distribution, tracking, reporting, and auditing of the OBO Classified hard drive program
• perform secure data transfers for users from removable media to the OpenNet/ClassNet network
• perform end of day security checks in OBO/IRM suites, maintain safe/lock combination changes for safes and computer equipment rooms. conduct new OBO/IRM user security briefings and keep new user security briefing updated with the latest policies from the Department’s Foreign
SBU - CONTRACTING AND ACQUISITIONS
Affairs Manuals pertaining to Information and Information Systems Security (12 FAM 500 and 12 FAM 600).
REQUIREMENTS
- Must possess an active security clearance
- Seven (7) years of experience in supporting Federal IT organizations in accomplishing Assessments and Accreditations.
- Must possess the ability to carries out procedures to ensure that all information systems, products, and services meet organization standards and end-user requirements.
- Acts as a subject matter expert (SME) for Federal Assessments & Authorizations (A&A); provides sound advice and recommendations to lower risk and improve the overall defensive posture. Must have experience in managing the inventory, categorization, selecting and monitoring security controls for the information systems in preparation of the Assessment and Authorization process for new and existing systems.
- Experienced in implementing NIST guidance related to the Risk Management Framework and supporting Plan of Action and Milestone (POAMs) review. Must have experience also in conducting interviews with application and system developers to document system operations surrounding security controls.
- Must possess a Bachelor Degree cybersecurity, computer science, informational technology, or related fields; Additional (4) four years of experience may be substituted for a degree. Minimum of eight (8) years of cybersecurity experience.