US DoD/IC Cleared Information Systems Security Officer (ISSO)

IBM · US Reston

Company

IBM

Location

US Reston

Type

Full Time

Job Description

Introduction
At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, let’s talk.

Your Role and Responsibilities
The IBM Chief Information Officer (CIO) organization is looking for an Information Systems Security Officer (ISSO) who possesses a TOP SECRET / Sensitive Compartmented Information (TS/SCI) clearance with the US Department of Defense or US Intelligence Community to join us within the Cybersecurity Assurance domain. In this role you will report to the Senior Manager for CIO Secure Facilities and serve as a senior technical lead for managing the cybersecurity and compliance of classified systems and networks across five (5) IBM sensitive compartmented information facilities (SCIF) supporting clients in the DC, Maryland, and North Virginia (DMV) area.
The CIO BISO & Cybersecurity Assurance organization delivers robust and modern services that provide data-driven and risk-informed security with empathy. It is important that we enable the CIO – we are not the department of “no” – we partner with our internal customers, understand how to balance business demand and security requirements, and find ways to assist the CIO in fulfilling its mission and protecting IBM systems, data, and clients.
Job Summary
As the ISSO, you will be expected to partner with the System and Network Administrators who manage the classified systems and network and align efforts with the broader CIO CA organization to deliver high-quality solutions to support the implementation and continual monitoring of our Federal Government Client’s required system security controls. You will also interact with and provide direct support to clients on-site.
You must have a demonstrated DCID 6/3 and ICD 503 security accreditations background to communicate and enforce Federal Government information assurance and information security policies, standards, and guidelines. This includes implementing and monitoring National Institute of Technology (NIST) Information Security guidelines and controls; creating and maintaining documentation for authorization of Information Systems consistent with Government requirements; developing and disseminating System Security Plans (SSPs) and performing compliance monitoring, analysis, tracking, and reporting; and reviewing monthly vulnerability scan reports and managing the Plan of Actions & Milestones (POA&M) to address findings.
This role will be based in Chantilly or Reston, VA, with limited travel to other local sites in Maryland, DC, and Virginia (~50 mile diameter).
What You Will Do
  • Implement or oversee the implementation of system and data security measures in accordance with applicable US government and individual client standards.
  • Perform initial and ongoing risk assessments, to include threat modeling with cyber threat intelligence, vulnerability scans, insider threat, natural disasters, and other risks.
  • Draft, manage, and test IT contingency plans (ITCP) and disaster recovery plans (DRP) in support of client business continuity plans (BCP) and continuity of operations plans (COOP).
  • Investigate detections and event reports to validate existence of an incident, assess scope of impact, and coordinate incident response actions to contain, eradicate, and recover from the incident, keeping client and IBM leadership informed throughout the process.
  • Implement and manage security appliances and tooling such as office firewalls, endpoint protection, vulnerability scanners, etc.
  • Review and approve user access and ensure all users have the requisite clearances, authorization, and need-to-know, and are aware of their security responsibilities before granting access to the IS, and educate cleared personnel regarding their security responsibilities as detailed in the requisite Security Requirements Document.
  • Ensure employee compliance with security measures.
  • Assist with preventative and emergency maintenance.
  • Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly.
  • Ensure all IS security-related documentation is current and accessible to authorized individuals.
  • Ensure systems are maintained and operated consistent with security policies and procedures outlined within the ATO documentation.
  • Conduct periodic inspections and reviews and report all security-related incidents according to established procedures.
  • Implement and manage continuous monitoring tools, mechanisms, and reporting. Monitoring will include physical and logical access to classified systems and data, user activity, controls for deviations and changes, and government/client standards and reporting changes.
  • Connect and maintain relations with both Industry and Government in order to remain aware of changing IS trends, issues, and requirements.


Required Technical and Professional Expertise
Security Clearance Requirements

  • Possess a current Top Secret/SCI clearance/access with polygraph and eligibility for additional accesses as may be required.

Requirements and Qualifications

  • A bachelor’s degree in computer science, information systems, or cybersecurity, or 10 years of IT/cybersecurity experience working on classified systems.
  • Minimum of 5 years’ work experience in governance, risk management, and compliance (GRC), to include policy and standards development and implementation, certification and accreditation (C&A) / assessment and authorization (A&A), IT risk analysis and management, vulnerability management, and security control assessment/testing (or ST&E) for compliance – preferably in support of the US IC, DoD, and/or other Federal Government clients.
  • Knowledge of Federal government C&A / A&A practices and policies, particularly ICD 503, NIST Risk Management Framework (RMF), and NIST SP 800-Series.
  • Good oral and written communications skills; be able to write detailed System Security Plans and supporting documentation responsive to Client compliance requirements.
  • Possess strong understanding of DCID 6/3, ICD 503, and NIST RMF, to include the following key supporting documents: NIST SP 800-37, 800-53, 800-53A, 800-137, and CNSS 1253.


Preferred Technical and Professional Expertise

  • Experience with various system security assessment/hardening tools – SCAP Compliance Checker, STIG Viewer, ACAS/Nessus, etc.
  • Have obtained a CISSP or CISM certification and have analytical and technical skills.
  • Minimum of 5 years’ work experience in cybersecurity, such as cyber threat intelligence, security operations (systems monitoring, event analysis, and incident response), security appliance/service administration, or other similar roles.

Date Posted

09/15/2023
