Information System Security Officer (ISSO)

Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS040, T4, Band 7

Job-Specific Essential Duties and Responsibilities:

- Verify data security access controls based on the Joint Special Access Program Implementation Guide (JSIG).

- Implement media control procedures and continuously monitor for compliance.

- Verify data security access controls and assign privileges based on need-to-know.

- Investigate suspected cybersecurity incidents in accordance with Departmental directives and applicable Risk Management Implementation Plans (RMIPs).

- Apply and maintain required confidentiality controls and processes.

- Verify authenticator generation and verification requirements and processes.

- Execute media sanitization (clearing, purging, or destroying) and reuse procedures.

- Protect Controlled Unclassified Information (CUI), Special Access Programs (SAP), Sensitive Compartmented Information (SCI), and Personally Identifiable Information (PII).

- Create and manage the Body of Evidence (BOE).

- Maintain privilege access control logs.

- Create and manage Interconnection Security Agreements (ISA).

- Ensure JSIG compliance of applications within multiple accredited boundaries.

- Track vulnerabilities by creating Plan of Action and Milestones (POA&M).

- Manage the configuration and documentation in the program's instance of Enterprise Mission Assurance Support Services (eMASS).

- Maintain and manage continuous monitoring of DoD Security Technical Implementation Guide (STIG) compliance.

- Enforce continuous monitoring strategies using tools such as Splunk, Oracle Cloud Control, ACAS reports, and scripts for database/application user/privilege review.

- Conduct code reviews for database and application development and configuration management activities.

- Analyze events or test results and prepare POA&Ms.

- Integrate project management, configuration management, continuous monitoring, and POA&M processes.

- Prepare reports identifying the results of compliance and performance tests.

- Develop and implement information assurance/security standards and procedures.

- Coordinate, develop, and evaluate security programs for the organization.

- Review information assurance/security solutions to support customer requirements.

- Identify, report, and resolve security violations.

- Establish and satisfy information assurance and security requirements based on user, policy, regulatory, and resource demands.

- Perform vulnerability/risk analysis of computer systems and applications during all phases of the system development life cycle.

Job-Specific Minimum Requirements:

- Active TS/SCI Clearance required at the time of hire.

Candidate must be eligible for and willing to successfully complete a CI Polygraph after hire.

Education & Experience:

- Bachelor's degree with preference for Computer Science, Information Systems, Engineering, or related technical discipline.

- Equivalent combinations of relevant educa...