IS Security Officer (ISSO) - Security
This position serves as the Information System Security Officer (ISSO) for the corporate headquarters office at CNA. The position is responsible for assisting the Information System Security Manager (ISSM) in maintaining risk management framework (RMF) network systems across CNA. The ISSO will also maintain multi-user standalone systems and other local networks supporting two or more components of overall Information Technology systems.
JOB DESCRIPTION AND/OR DUTIES
1. Implements and optimizes security monitoring, event correlation, compliance and alerting solutions. Performs regular audits of all networked devices (including desktop computers, laptops, servers, and handheld devices) utilizing vulnerability scanners and similar tools. Scans for unauthorized networks (including wireless) and prevents systems from bridging networks.
2. Performs and assists with certification and accreditation (C&A) and risk assessment activities. Generates compliance reports and disseminates information to pertinent staff for remediation. Creates, maintains and monitors compliance of security policies, procedures and manuals.
3. Responsible for maintaining and utilizing information security architecture. Evaluates new security hardware and software by actively researching and implementing mitigation procedures to reduce security risk to the network.
4. Participates in Computer Security Incident Response Team activities. Responds to, analyzes, and resolves IT Security incidents. Assists the Information System Security Manager (ISSM) with disseminating incident reports. Conducts internal investigations on matters concerning security violations, misconduct, and other charges. Consults with and supports the Compliance Committee on internal investigations, as required.
5. Assists the ISSM with the development, implementation and administration of the CNA corporate-wide security education and awareness programs focusing on IT Security training, to include phishing campaigns, physical and operational security (OPSEC) sessions, and training for employees, consultants and/or subcontractors.
6. Assists the ISSM with management and execution of the information security program and physical security program in full accordance with NISPOM, DAAPM, NIST 800 series, and other DoD and Navy security regulations and publications.
7. Assists the ISSM with security classification reviews by analyzing internal and external sources to determine that classification levels are accurate and adequate and that they provide proper handling instructions IAW DoD, Navy, Marine Corps, and other government agencies.
8. Assists the ISSM as needed on special projects and may lead special projects as assigned.
9. Perform other duties as assigned.
1. Education: Bachelor’s degree in Computer Science, Management Information Systems, Computer Security, Information Assurance, or equivalent qualified security experience. Advanced degree is a plus. At least one of the following certifications in IT Security at the time of hire is required: CAP, GSLC, Security+, CISM, CASP CE, or CISSP.
2. Experience: Minimum of 6 years of progressive experience in IT security and related technologies. Experience of 3 years with classified computing is required.
3. Skills: Must have proven customer service skills; ability to analyze vulnerability scans using Nessus, Security Center, HBSS and ACAS (among others); computer literacy and proficiency; presentation skills; excellent oral and written communication skills; familiarity with standards such as NIST, DIACAP, FISMA, and working knowledge of the NISPOM, JFAN, JPAS, ICDs and Navy Information; excellent interpersonal skills; ability to manage small projects.
4. Other: Ability to lift 20 lbs. (e.g. computer and AV equipment), walk (to end user stations) and bend (to install and connect equipment).
5. Active Secret security clearance required at the time of hire with the ability to obtain and retain a Top Secret security clearance.
Please include a personal statement as part of your application. A personal statement is a chance for us to get to know you. The statement is your opportunity to share your goals, interests, influences and show us that you will be a valuable asset to our organization.
Personal statements will not be used as an elimination criterion for this position. They will only be used to enhance a candidate’s application.
- Job Family: Information Technology
- Job Function: Career Path III - Professional
- Location: CNA, 3003 Washington Blvd, Arlington, Virginia, United States of America