Information Systems Security Officer (ISSO)/ COMSEC Responsible Officer (CRO)

Job Description: 

Rhombus Power is seeking a dedicated and knowledgeable Information Systems Security Officer (ISSO) and COMSEC Responsible Officer (CRO). You’ll be responsible for developing, implementing, testing, and reviewing our organization's information security to protect vital information and prevent unauthorized access, while overseeing the COMSEC program and continuously updating Security Authorization documentation. This position requires daily onsite support, the ability to work independently and within a team environment, minimal supervision, and excellent multi-tasking skills. Excellent writing, organization, communication, problem-solving skills, and attention to detail are a must. 

This role requires US Citizenship in order to obtain and maintain a DoD TS/SCI security clearance. Candidates with an active TS/SCI clearance are highly desired. Some travel to CONUS and OCONUS locations may be required to meet mission requirements and undergo training.  

Responsibilities: 

• Develop, implement, and review the organization's information security to protect information and prevent unauthorized access.
• Maintain the Security Authorization or Authorization to Operate (ATO) of assigned systems and conduct initial and annual risk assessments.
• Oversee and manage the COMSEC program.
• Guide us through the government’s cybersecurity accreditation process to achieve an Authority to Operate (ATO).
• Identify required STIGs and guide system certification based on project requirements.
• Conduct security assessments and vulnerability scans in a test environment and prepare a list of open vulnerabilities for the developer team to address.
• Prepare a certification package, including STIG assessment and documentation, vulnerability and scan assessments, and conduct quarterly software security reviews.
• Maintain DoD Collateral open storage areas according to 32 CFR Part 117, NISPOM.
• Assist with the administration of secured calls and the updating of security personnel access lists and databases.
• Conduct administrative inquiries related to potential security incidents or violations and provide relevant education and training to program personnel.
• Oversee COMSEC inventory, key management, and COMSEC incident investigation and reporting.
• Collaborate with the Facility Security Officer (FSO), government, and internal teams to ensure an optimal security posture.
• Manage employee recruitment, training, performance, work assignments, recognition, and disciplinary actions.
• Develop, implement, and modify security operating policies for facility activities.
• Carry out the technical administration of IS in accordance with internal and customer security requirements.
• Participate in internal and external security audits and inspections and perform risk assessments. 

Certifications: 

• DoD 8140 IAT or DoD 8570 IAT Level II certification or higher 

Qualifications: 

• U.S. Citizen with Active TS clearance with SCI eligibility. Must be able to obtain and maintain Top Secret clearance and Sensitive Compartmented Information (SCI) access. 
• Ability to analyze and communicate opportunities for efficiency, identify gaps, and work closely with multiple stakeholders. 
• Experience with coordinating Assessment and Authorization (A&A) activities, including developing and maintaining System Security Plans (SSP), Security Controls Traceability Matrix (SCTM), and Plan of Action and Milestones (POA&M). 
• Bachelor's Degree and 5+ years of relevant experience. 
• Working knowledge of DoD Information Security Manuals, ICD 503, and NISPOM.
• Hands-on information system auditing and investigation experience
• Knowledge of operating system security requirements and experience with industry-standard Information Assurance tools.
• Prior leadership experience working in a classified environment
• Excellent written and oral communication skills.
• Working knowledge and experience with RMF and STIG compliance.
• IT management/system administration experience, preferably with Government networks or information systems
• Applied knowledge of the NIST SP 800 series.
• Experience with obtaining and maintaining system ATOs in the eMASS system
• Experience with NSA/CSS Manual Number 3-26, COMSEC and cryptographic devices. 

Desired Skills: 

• Experience as an Information Systems Security Professional (ISSP), Information Systems Security Manager (ISSM), Information Systems Security Officer (ISSO), COMSEC Manager, COMSEC Responsible Officer (CRO), or Government Acquisition Security Manager 
• Knowledge of or experience working with DCSA, COR, DISA, ATO process, SIPR, JWICs, and the DAAPM. 
• IAEC-2112 COMSEC training Course or DoD equivalent  
• Experience teaching/instructing.  
• Ability to be flexible and adapt to constantly changing program requirements. 

Location:

• Palo Alto, CA  

•

Last updated on Aug 13, 2024