Information Systems Security Management (ISSM) – Journeyman
The Information Systems Security Management (ISSM) – Journeyman shall be the Directorate expert responsible for all the Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions (TEMPEST packages), from assembling them to maintaining them to decommissioning them.
Additional Responsibilities Include, but are not Limited To:
Responsible for Negligent Disclosures of Classified Information (NDCI’s, formerly known as CMI’s: Classified Messaging Incidents).
Responsible for Certification & Accreditation (C&A) process and will prepare, submit, and track all Directorate C&A packages of all Research, Development, Test, & Evaluation (RDT&E) computer information systems for base-level and higher headquarters approval, and ensure that all systems are in compliance with DoD Information Technology (IT) C&A guidance.
Responsible for handling all waiver requests and creating the waiver packages including processing information, filling out templates, performing documents review, conducting follow-ups with customers, and routing all required forms and information, and updating all waiver package attachments.
Submit Plans of Action and Milestones (POA&Ms) to HQ AFRL quarterly and maintain 100% accountability for all accredited systems and RDT&E systems requiring POA&Ms.
Support the non-Government laptop approval process.
Prepare, submit, and track all Secure Internet Protocol Router Network (SIPRNet) Terminal C&A packages; create SIPRNet Terminal C&A Memorandum of Agreements and process to ensure addition to the base-wide package.
Update the Directorate’s C&A tracker database (Remedy) and resolve any issues with the data or application.
Ensure the Directorate C&A community remains updated on e-MASS; review e-MASS registration workbooks, recommend changes/clarification and submit updated workbooks to HQ AFRL for registration of Point-to-Point, Standalone, Standalone Enclave systems having a Federal Information Security Management Act (FISMA) requirement.
Keep the Directorate C&A community informed to ensure the appropriate program managers and POCs obtain Enterprise Mission Assurance Support Service (e-MASS) accounts.
Create new distribution lists for the e-MASS Directorate personnel working to obtain Interim Approval to Operate/Approval to Operate.
Review C&A Enterprise Information Technology Data Repository (EITDR) reports and provide oversight to ensure issues are resolved (testing, annual reviews, etc.).
Handle all EITDR and e-MASS taskers and obtain 100% completion. Maintain EITDR for current FISMA lists.
Handle all TEMPEST or Emissions Security (EMSEC) issues such as supply requests for diagrams and equipment lists, provide sample documentation, ensure countermeasures are being observed in all visited areas, provide updates to the Base TEMPEST/EMSEC Manager, and answer questions for new projects coming up.
Support all computer security issues; provide information regarding policy for Research and Development (R&D) system removal from the facility, working spoofing issues, and handling phishing and Simultaneously Posted Advertising Message (SPAM) related tasks.
Provide assistance in performing Cybersecurity Liaison duties and serve as the primary in his/her absence.
Handle account management tasks such as handling all DD Forms 2875, System Authorization Access Request, Account Creation Tickets, Common Information Assurance (IA) training issues, IA training alibis, disabled account issues, user agreements, out-processing of personnel, conversion issues, standard Common Access Card (CAC) issues, account expiration issues, EITDR account issues, elevated privileges, and machine adds.
Provide all systems support to include classified message incidents (CMIs) and data spillages; perform risk analysis, security tests, and identification of the contaminated system.
Ensure all connections, servers, and computers are reported to appropriate personnel as defined in the various DoD/AF instructions, manuals and directives, as well as local operating instructions and cleaned as required.
Work with and at the direction of the ISSO to maintain the network architecture and computational environment so that it is fully compliant with applicable Air Force and DOD policies, procedures and regulations.
Conduct routine maintenance, perform backups, and install upgrades and patches to the systems and networks.
Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package.
Ensure all users have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to the IS.
Report all security-related incidents to the ISSM.
Conduct periodic reviews of information systems to ensure compliance with the security authorization package.
Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change.
Formally notify the ISSM and AO/DAO when changes occur that might affect system authorization.
Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly.
Ensure all IS security-related documentation is current and accessible to properly authorized individuals.
Ensure audit records are collected and reviewed.
Responsible for the management and scheduling of the SCIF conference room.
Knowledgeable of and comply with applicable OPSEC requirements, procedures and policies to reduce program vulnerability from successful adversary collection and exploitation of critical information.
Knowledgeable of Sensors Directorate Critical Information List and comply with all security training program requirements and any specialized security training as deemed applicable.
Provide on-site Information Systems Support in the development, administration, and execution of the internal information technology infrastructure to meet current and future program needs.
Assist in formulating architectural design, functional specifications, interfaces and documentation for hardware, software, and systems/networks.
Responsible for the following tasks within the RY Sensors Directorate:
Operations of SIPRNET and project-specific hardware administration within an accredited SAPF and/or SCIF;
System trouble-shooting/end-user support; Administering and maintaining all COMSEC equipment;
Developing and maintaining all System Security Plans; Reviewing, implementing and complying with all DISA, DoD and AF Information Assurance Policies;
Establishing and administering stand-alone classified information systems;
Perform any/all system audits, patches and backups;
Maintain security compliance of all classified information systems;
Support all Special Access Program (SAP) controls and audits.
Responsibilities/duties of this individual may be shared between Divisions within the AFRL Sensors Directorate.
Additional Security and Information Assurance Requirements and Responsibilities/Vault Operations: The following details additional security requirements pertaining to operation in the Sensors Directorate facility.
The Activity Security Representative (ASR) and the Information System Security Manager and/or Officer (ISSM/ISSO) individuals shall be responsible for the opening/closing of the AFRL/RYZ vault and responding to any alarms, during normal hours, extended duty days and holidays. The ASR, ISSM, and/or ISSO will be required to perform the services under this contract, 8 hours per day, between the hours of 0600-1800 excluding Federal Holidays.
This includes performing end-of-day security checks IAW Air Force requirements and Vault Standard Operating Procedures (SOP).
Vault operations will require use of security codes and combination locks during normal and extended duty days.
Based on the above requirements, the individual(s) will be given 24/7 access to Bldg 620.
The ASR will be responsible for ensuring that all necessary paperwork/requirements are met and submitted to perform this function.
Assist with proposal development, if necessary.
Perform other duties, as assigned.
Three (3) to ten (10) years of applicable experience.
Expert responsible for all the Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions (TEMPEST packages), from assembling them to maintaining them to decommissioning them.
Knowledgeable of and ability to comply with applicable OPSEC requirements, procedures and policies to reduce program vulnerability from successful adversary collection and exploitation of critical information.
Knowledgeable of Sensors Directorate Critical Information List and ability to comply with all security training program requirements and any specialized security training as deemed applicable.
Experience with the process followed when it is discovered that someone has exposed classified information in an unclassified environment (e.g., sent secret-level info in an unclassified email system; created or uploaded a classified document onto an unclassified system, etc.).
BA/BS or MA/MS Degree.
Certificates, Licenses, Registrations:
Information Security Management requires DoD Security Fundamentals Professional Certification (SFPC) as a condition of hiring and (SAPPC) within six (6) months upon contract award.
Certified Information Systems Security Professional (CISSP) certification preferred but not required.
Must be certified in Microsoft SQL Server Management Studio (Security+). MCSA
Contractor certifications upon employment: The qualified candidate must have the Security Fundamental Professional Certification (SFPC) upon being hired.
Candidate will obtain the Security Professional Education Development Certification (SPED) prior to being hired.
Will obtain the Security Asset Protection Professional Certification (SAPPC) within six (6) months of employment date.
The preferred candidate will be trained and certified on all requirements IAW DoD regulation 8570 as applicable upon being hired.
Other Required Skills & Abilities:
Must be able to effectively communicate with customer and fulfill all duties and responsibilities as listed in the contract.
Must be proficient in Microsoft Office suite including, but not limited to: Word, PowerPoint, Excel, and Outlook.
Security Clearance: Top Secret security clearance required.
US Citizenship: This position supports a U.S. Government Contract whose terms require Sawdey Solution Services to staff it only with U.S. Citizens.
Wright-Patterson AFB, OH
About the Organization
Sawdey Solution Services, Inc., with an ISO 9001/ISO 14001 certified and CMMI-SVC v1.3 Level 3 appraised corporate headquarters, has built a nationwide and global footprint providing innovative cross-disciplined professional services, engineering, and cyber solutions to Department of Defense, Department of Homeland Security, Federal Agencies, and commercial customers. Operating successfully since 2001, we are a Woman Owned/Service Disabled Veteran Owned Small Business.
Sawdey Solution Services is an Equal Opportunity Employer-Disabled-Veterans-41 CFR 60 1.4 and does not discriminate against any employee or applicant because of race, age, sex, color, physical or mental disability, religion, sexual orientation, gender identity, marital status, national origin, or veteran status.
This position is currently accepting applications.