Posted by: Institute for Defense Analyses on Nov 14, 2017
The Information Systems Security Officer (ISSO) is responsible for ensuring the operational security of the classified and unclassified information systems for the IDA Research Centers located in Princeton, NJ and San Diego, CA. The ISSO will maintain the System Security Plans (SSP) and related documentation, verify that systems are operated securely, conduct periodic reviews, and report security incidents.
This position can be based primarily at either the Princeton, NJ office or the San Diego, CA office. It requires regular travel between the two offices. Position responsibilities and job performance will be evaluated jointly by the Division Directors of the two offices.
1. ISSO for classified and unclassified IS in two separate research labs.
2. Maintains on-line SSPs and supporting documentation in accordance with Department of Defense and NIST guidelines.
3. Provides direct oversight of acquisition security vetting programs for IS procurements, including Acquisition Security (ACQSEC), Baseline Exception Request (BER), and Procurement Authorization Request (PAR).
4. Coordinates penetration tests and external evaluations.
5. Verifies that audit logs are periodically reviewed to ensure proper procedures are being followed.
6. Verifies that firewalls, perimeter defenses and intrusion detection systems are periodically audited to ensure they are configured and working properly.
7. Verifies that backup and disaster recovery systems are periodically inspected and tested.
8. Verifies proper marking, control, and removal of classified system hardware and media.
9. Implements information systems security training and awareness programs for users.
10. Monitors site compliance with information systems security requirements and programs developed by the sponsoring agency.
11. Verifies that Personally Identifiable Information (PII) and related data on IS is protected appropriately.
12. Verifies that CCR systems comply with IDA corporate IT policy.
13. Keeps management aware of system security issues.
14. Stays aware of relevant security policy and technology, and recommends appropriate policies and system changes.
15. Performs other duties as required.
• Bachelor's Degree in an information technology area, or demonstrated equivalent experience (i.e., at least 5 years of specifically related background, in addition to the experience requirements below).
• Three or more years’ experience as an ISSO or in a similar role is preferred, including experience with formal system certification and accreditation. Government or military equivalent would be IAT Level II or IAM Level I.
• At least one of the following Information Assurance certifications: CAP (ISC2), GSLC, Security+CE, GSEC, SSCP, or sufficient background to obtain certification within 6 months of employment. Higher-level certifications such as CISM or CISSP are strongly desired and may be required for future advancement.
• Willingness to travel and spend significant time at both sites, especially at the start of employment.
• Familiarity with Linux and Microsoft Windows Server operating systems, and TCP/IP networking.
• Familiarity with vulnerability scanning and assessment tools.
• Exceptional communication skills, both oral and written, and good interpersonal skills.
• U.S. citizenship with the ability to obtain and maintain a Top Secret and other security clearances.