The Information Systems Security Officer (ISSO) is responsible for ensuring the operational security of the classified and unclassified information systems for the IDA Research Centers located in Princeton, NJ and San Diego, CA. The ISSO will maintain the System Security Plans (SSP) and related documentation, verify that systems are operated securely, conduct periodic reviews, and report security incidents.
This position can be based primarily at either the Princeton, NJ office or the San Diego, CA office. It requires regular travel between the two offices. Position responsibilities and job performance will be evaluated jointly by the Division Directors of the two offices.
ISSO for classified and unclassified IS in two separate research labs.
Maintains on-line SSPs and supporting documentation in accordance with Department of Defense and NIST guidelines.
Provides direct oversight of acquisition security vetting programs for IS procurements, including Acquisition Security (ACQSEC), Baseline Exception Request (BER), and Procurement Authorization Request (PAR).
Coordinates penetration tests and external evaluations.
Verifies that audit logs are periodically reviewed to ensure proper procedures are being followed.
Verifies that firewalls, perimeter defenses and intrusion detection systems are periodically audited to ensure they are configured and working properly.
Verifies that backup and disaster recovery systems are periodically inspected and tested.
Verifies proper marking, control, and removal of classified system hardware and media.
Implements information systems security training and awareness programs for users.
Monitors site compliance with information systems security requirements and programs developed by the sponsoring agency.
Verifies that Personally Identifiable Information (PII) and related data on IS is protected appropriately.
Verifies that CCR systems comply with IDA corporate IT policy.
Keeps management aware of system security issues.
Stays aware of relevant security policy and technology, and recommends appropriate policies and system changes.
Performs other duties as required.
Bachelor's Degree in an information technology area, or demonstrated equivalent experience (i.e., at least 5 years of specifically related background, in addition to the experience requirements below).
Three or more years' experience as an ISSO or in a similar role is preferred, including experience with formal system certification and accreditation. Government or military equivalent would be IAT Level II or IAM Level I.
At least one of the following Information Assurance certifications: CAP (ISC2), GSLC, Security+CE, GSEC, SSCP, or sufficient background to obtain certification within 6 months of employment. Higher-level certifications such as CISM or CISSP are strongly desired and may be required for future advancement.
Willingness to travel and spend significant time at both sites, especially at start of employment.
Familiarity with Linux and Microsoft Windows Server operating systems, and TCP/IP networking.
Familiarity with vulnerability scanning and assessment tools.
Exceptional communication skills, both oral and written, and good interpersonal skills.
U.S. citizenship with the ability to obtain and maintain a Top Secret and other security clearances.
Additional Salary Information: Excellent benefits program
Internal Number: 938
About Institute for Defense Analyses
IDA is the Institute for Defense Analyses, a not-for-profit corporation that operates three Federally Funded Research and Development Centers (FFRDCs) in the public interest: the Systems and Analyses Center, the Science and Technology Policy Institute, and the Center for Communications and Computing. IDA provides objective analyses of national security issues and related national challenges, particularly those requiring extraordinary scientific and technical expertise. Employees are subject to a security investigation, must meet the requirements for access to classified information, and must be U.S. citizens.