Who We Are…
Today’s leading government agencies are putting their trust in Newberry Group, and for good reason.
Newberry brings strength to our clients, from the inside out through:
• client intimacy and superior quality,
• presence and accountability in our relationships, and
• public sector best practices.
Newberry Group is a professional services firm, providing information security compliance, governance, program/project management, and mission critical project-based consulting to public sector clients nationwide.
The strength of our company is a direct reflection of our highly skilled and talented workforce.
Job Summary
Newberry Group seeks an Information Systems Security Officer (ISSO) for a potential contract to begin later this year. The position provides comprehensive IT systems security control assessments.
Location
MacDill AFB, FL – this is a hybrid position requiring a minimum of 3 days onsite weekly.
Clearance & Certification
DoD Secret Clearance required and a current IAT Level II or CISSP certification
Contingencies
Contingent on Contract Award
Primary Responsibilities:
- Adhere to DAF and DoD laws, standards, policies and procedures.
- Conduct comprehensive IT security control assessments. Assessments shall determine the condition of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).
- Provide an assessment on the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions and/or controls to address identified vulnerabilities.
- Review the System Security Plan (SSP) prior to initiating the security control assessment and ensure the plan provides a set of security controls for the information system that meet the stated security requirements. Assessments shall include the review and validation of the authorized message types and the parsing of the data utilizing rule sets implemented within the Cross Domain Solutions (CDS) application to validate authorized processing of data and elimination of the possible spillage of classified information.
- Advise the ISSM concerning impact values for confidentiality, integrity, and availability for the information on a system.
- Evaluate threats and vulnerabilities to information systems to ascertain the need for additional safeguards and controls to mitigate vulnerabilities.
- Review and approve the information system security assessment plan, which is comprised of the SSP, the Security Controls Traceability Matrix (SCTM), and the Security Control Assessment Procedures.
- Ensure security control assessments are completed for each information system and ensure controls are working as intended and these controls protect the confidentiality, integrity and availability of IT resources at the appropriate levels.
- Prepare the final Security Assessment Report (SAR) containing the results and findings from the assessment at the conclusion of each security control assessment activity.
- For each completed site visit provide a visit report.
- Support compliance with RMF controls to include, as necessary, development of Plans of Action and Milestones (POA&Ms) and mitigation of control deficiencies.
- Evaluate security control assessment documentation and provide written recommendations for security authorization to the AO.
- Assemble and submit the security authorization artifacts to the AO (consisting of, at a minimum, the SSP, the SAR, the POA&M, and a Risk Assessment Report (RAR)).
- Assess the proposed changes to information systems, their environment of operation, and mission needs to determine if they are security-relevant and could therefore affect system authorization.
- Use security controls defined by the AO and lead ISSM.
- Utilize the RMF methodology to successfully implement an information technology process which shall effectively protect the element's information assets and its ability to perform its mission to include but not limited to Configuration Management.
- Provide guidance to other assessors on the policies and procedures of the job.
- Provide detailed assessment findings using Government-specified processes and procedures.
- Provide solutions and recommendations to remedy security vulnerabilities and threats, to ultimately improve the protection of IT resources and to execute the customer mission.
- Utilize assessment results to identify trends and to improve IA training, policies and processes.
- Utilize RMF tools such as (but not all encompassing) Enterprise Mission Assurance Support Service (eMASS), SNAP, Information Technology Investment Portfolio System (ITIPS), and Grid Interconnection Approval Process (GIAP) system for establishment of connection to the NIPR and SIPR enclaves.
- May be required to attend local Tech Shows to gather insight into DoD cybersecurity trends and ongoing efforts, in order to provide advice and/or recommendations to the government on future equipment buys or documentation required in support of the mission.
- May be required to attend planning meetings at other locations to obtain requirements for upcoming events.
Qualifications:
- Knowledge of Air Force communication squadron culture, as well as a basic-to-intermediate technical knowledge in areas such as: endpoint security, network vulnerability scanning, insider threat, cyber hygiene, IT support functions, and cybersecurity resiliency.
- Familiarity with DoD/DAF publications, end user policies and training requirements, i.e., Comply-to-Connect policy.
- Familiarity with DoD/DAF compliance methods, such as STIGs and CCRIs.
- Ability to communicate effectively with the Airmen and write SOPs that are intelligible to all audiences.
- Ability to interpret complex technical ideas from technicians into documentation that can be understood by non-technical supervisors and commanders.
- Possess/Acquire an understanding of how the SOPs will be utilized, such that the Technical Writer/Editor could train a new airman on how to use them (if necessary due to personnel deployments, TDYs, extensive leaves).
- Ability to manage time efficiently to meet overarching completion deadlines due to volume of documentation and number of people that will be involved.
- Bachelor's degree in cybersecurity, information science, technical writing, or other related area of study.
- At least 1 year of relevant experience supporting similar requirements for Department of Defense mission area.
- Active security clearance (Secret or above). Although most documentation will be on Unclassified systems, some documentation will require a Secret Clearance and access to SIPRNet.
- Provide support to 6 CS Continuous Process Improvement events and adjust documentation to encapsulate any updates to IT support processes or document any IT support processes that were not previously defined.
- Knowledge and solid understanding of common Microsoft Office365 tools
Benefits and Perks
In addition to competitive wages, Newberry Group offers an outstanding benefit package. This includes medical coverage with three plan options, dental and vision coverage, personal time off, paid holidays, paid parental leave, telecommuting if available, retirement savings accounts (Pre-Tax and Roth), flexible and dependent care savings accounts, life insurance, long and short-term disability coverage, tuition and training reimbursement, employee assistance program, and more.
The Newberry Group, Inc. is an Equal Opportunity Employer – EEO/AA/Disability/Veterans.
What We Do
Established in 1996, Newberry Group has set out to create something altogether different: meeting the most challenging needs of both Public and Private Sector clients. We achieve this by providing superior services and exceptionally qualified professionals who create a unique experience for our clients in every engagement. Newberry brings strength to our client from the inside out through client intimacy and superior quality, presence and accountability in our relationships, and cross-sector leverage of public and commercial sector best practices.









