The Information Systems Security Officer (ISSO) will be responsible for ensuring development and proper implementation of the security controls documented in the Information Systems Security Plan (ISSP) for all information systems for which the ISSO is responsible at Nuclear Fuel Services (NFS), including sensitive unclassified networks and National Security Systems supporting business, special purpose, and security functions. The ISSO provides certification documentation to the NFS Information Systems Security Manager (ISSM) for all information system accreditations and performs other duties as required to implement the Cyber Security programs necessary to support U.S. Government regulatory requirements (DOE/NNSA, NRC, etc.). The candidate will be responsible for the following scope of work duties:
- Ensures implementation of protection measures documented in the ISSP for each information system for which they are the ISSO.
- Ensures that privileged users are granted access to information system resources based on the least privilege principle.
- Identifies, in coordination with the ISSM, and documents in the ISSP, unique threats to information systems for which they are responsible.
- Ensures that the consequences of loss of confidentiality, integrity, and availability for the information are determined prior to use of an information system during the certification and accreditation process.
- Notifies the ISSM of any changes to the consequences of loss of confidentiality, integrity, and availability for the system.
- Documents any special protection requirements identified by the application owner, data owner, or data steward and ensures that these requirements are included within the protection measures implemented in the information system.
- Ensures each information system for which they are the ISSO is covered by an ISSP.
- Maintains a copy of the ISSP for each information system for which they are the ISSO.
- Ensures that all information system security-related documentation is current and accessible to properly authorized individuals.
- Ensures the implementation of procedures as defined in the Cyber Security Program Plan (CSPP) and the ISSP for each information system for which they are the ISSO.
- Ensures that system recovery processes are monitored to ensure that security features and procedures are properly restored.
- Ensures that the cognizant ISSM is notified when an information system is no longer needed, or when changes occur that might affect the accreditation of the information system.
- Ensures that information access controls and cyber protection measures are implemented for each information system as described by the ISSP.
- Ensures that users and System Administrators are properly trained in information system security by identifying cyber security training needs and the personnel who need to attend the cyber security training program.
- Conducts cyber security reviews and tests to ensure that cyber security features and controls are functioning and effective.
- Participates in the ISSM’s self-assessment and training programs.
- Ensures that risk assessment is completed for information systems for which they are responsible.
- Communicates individual incident reports to the ISSM to allow the ISSM to meet their reporting schedule.
- Ensures the implementation of all applicable protection measures for each information system for which they are responsible.
- Ensures that unauthorized personnel are not granted use of, or access to, the information system.
- Reports immediately all security incidents and potential vulnerabilities involving the information to the appropriate ISSM.
- Candidate must have experience conducting risk assessments and writing System Security Plans (SSPs)
- Must have a working knowledge of system functions, cyber security policies, and cyber security protection requirements
- Must have excellent written and verbal communications skills
- Should currently hold the Security+, GSEC, or CISSP certification or demonstrate an equivalent level of knowledge and experience
- Must be able to maintain confidentiality when working with sensitive information
U.S. citizenship, with no dual citizenship, is required for this position.
Applicants selected will be subject to a Federal background investigation and must meet eligibility requirements for access to classified information or matter. Position requires U.S. citizenship (with no dual citizenship) and the ability to obtain and maintain a Department of Energy (DOE) security clearance, which involves an extensive criminal and financial background investigation and previous employment reference verifications.
BWXT supports diversity and is committed to the concept of Equal Employment Opportunity. We have established procedures to ensure that all personnel actions such as recruitment, compensation, career development, benefits, company-sponsored training and social recreational programs are administered without regard to race, color, religion, gender, national origin, citizenship, age, disability or veteran status.
Brent Neas | CISSP, GPEN, GSNA, CISA
Cyber Security Architect
BWX Technologies Inc.