Tyto Athene is searching for a ISSO Compliance SME. This role requires a broad range of cybersecurity skills and knowledge, covering both technical and strategic aspects of information security. The person in this position would play a crucial role in protecting an organization's digital assets and ensuring the overall security of its IT infrastructure. This position is specifically tailored to support the U.S. European Command (EUCOM) Headquarters' cybersecurity needs.
Responsibilities:
* This position is a senior cybersecurity role focused on maintaining security authorizations and compliance for multiple classified networks at US EUCOM. Here's a breakdown of the key responsibilities:
* Creating and maintaining Authorization packages to keep Authority to Operate (ATO) for multiple networks of varying classification levels.
* Ensuring System Administrators maintain required DoD 8140 certifications, training, and education as per US EUCOM requirements.
* Reviewing and providing recommendations to the Information System Security Manager (ISSM) regarding Hardware, Software, and Ports, Protocols, and Services (PPS) requests.
* Reviewing Plans of Action and Milestones (POA&Ms) for closure or extensions based on mission requirements.
* Reviewing Authorizing Official (AO) Risk Acceptance requests for validity and working with requestors on mitigations.
* Coordinating with the Defense Information Systems Agency (DISA) Security Control Assessor (SCA) for Authorization & Assessment reviews.
* The role will support NIPR (Non-classified Internet Protocol Router Network), SIPR (Secret Internet Protocol Router Network), and Mission Partner Environments.
* The cybersecurity professional will be responsible for:
* - System security posture assessment
* - Authorization process execution
* - Continuous monitoring
* The candidate will work as part of a team supporting our customer's products.
* Key responsibilities include:
* - Assessing information security controls on new and existing systems
* - Working with system owners to resolve and mitigate security findings
* - Helping maintains the security posture of systems and networks
* The role involves collaboration with both our customer's team members and EUCOM personnel.
Required:
* Secret clearance
* IAM III Certification (examples given are CISSP, CISM, GSLC)
* BA/BS +5 years recent specialized experience or 11 years of related work experience.
* Extensive knowledge of the RMF (Risk Management Framework) process
Desired:
* Knowledge of Commercial Solution for Classified (CSfC) Assessment and Authorization process
* Working knowledge of: ACAS, ESS, Carbon Black, eMASS
* Knowledge of DISA CAL (Defense Information Systems Agency Cyber Asset Library)
* Experience with DISA reviews, specifically:
* - A&A (Assessment and Authorization)
* - CCRI (Command Cyber Readiness Inspection)
* - CORA (Cyber Operational Readiness Assessment)
Compensation:
* Compensation is unique to each candidate and relative to the skills and experience they bring to the position. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.
Benefits:
* Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave.