Sr. Information Systems Security Manager (Isso)
Current• My primary task was to plan, coordinate, and execute SA&A and annual security assessment activities, including scheduling, tracking, and updating the activities in Microsoft (MS) Project, and providing project status updates to management. Develop SA&A related documentation such as the Security Assessment Report (SAR), System Security Plan (SSP), and Risk Assessment (RA).• My secondary tasks were to Develop Plan of Action and Milestones (POA&Ms) for identified vulnerabilities; manage and track POA&Ms and their remediation using the FISMA reporting tool, Cyber Security Assessment and Management (CSAM); and provide federal management with weekly briefs.• Remediate system vulnerabilities IAW STIGS and DoD policies.• Generate Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP), Risk Management Framework (RMF) packages, and collaborate with staff agencies to obtain required IATT and ATO certifications.• Collaborate with and provide IA technical direction to the existing engineering team and non-engineer personnel.• Collaborate with senior PEO personnel and other engineering and technical support as it relates to research and assessment of emerging technologies, system integration, testing and evaluation, and system architecture design in order to facilitate PEO fielding of material solutions to meet mission requirements.• Consult with senior management and customers concerning IA project matters. • Work with XACTA/eMASS to maintain IA packages.• Assist ISSO/ISSE/SA’s in the RMF/eMASS with initial ATO process as well as ATO reauthorization.• Provide technical ass instance to the System Owner/organization when required.• Assist the SCA when needed• Mitigates system vulnerabilities and recommends compensating controls.