Position Description
DS-03:
The incumbent serves as an Information Systems Security Officer (ISSO). The candidate will ensure the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. The individual assigned to the ISSO billet must have or be eligible to obtain a DoD Top Secret security clearance based upon a Single Scope Background Investigation (SSBI); currently possess or obtain a DoD 8570.01-M IA baseline IAT level II or IAM level I certification within the first six months of employment; be able to travel periodically in support of the organization's cybersecurity operations and cyber-thrusts; and possess 1-3 years of information assurance or cybersecurity-related experience.
Functions commonly performed by employees in this specialty may include:
-- Assist the Information Systems Security Manager (ISSM) by developing policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data;
-- Assume ISSM responsibilities in the absence of the ISSM;
-- Conducting risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs;
-- Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals;
-- Conducting systems security evaluations, audits, and reviews;
-- Developing systems security contingency plans and disaster recovery procedures;
-- Serve as member of the Change Control Board (CCB);
-- Developing and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures;
-- Participating in network and systems design to ensure implementation of appropriate systems security policies;
-- Assessing security events to determine impact and implementing corrective actions; and/or
-- Ensuring the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services.
-- Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly;
-- Ensure audit records are collected, reviewed, and documented (to include any anomalies).
Specific duties include but are not limited to:
1. Maintain the organization's cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures in direct collaboration with the Cyber Security Directorate (CSD).
2. Act as a cybersecurity technical advisor for the organization and to the AO for the systems under their purview.
3. As a cybersecurity subject matter expert in securing nationwide multi-level security information systems, works directly with the ISSM and other organizations, Navy and non-Navy, to formulate new policies and procedures for risk analysis and risk management solutions that can be adapted and applied to future systems.
4. Communicate and collaborate with the Command ISSM and Command Security Manager in areas of mutual interest and impact.
5. Analyze customer information systems for risk to the organization.
6. Maintain a repository for all cybersecurity-related documentation, i.e. Cybersecurity Workforce (CSWF) management and tracking, Certification and Accreditation (C&A), and Computer Network Defense (CND).
7. Monitor information systems and user compliance with cybersecurity policy, as appropriate, and review the results of such monitoring.
8. Ensure that any cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations.
9. Ensure implementation of IS security measures and procedures, including reporting incidents to the ISSM, Authorizing Official (AO) and appropriate reporting chains and coordinating system-level responses to unauthorized disclosures in accordance with DoD Manual 5200.01, "DoD Information Security Program," February 24, 2012.
10. Ensure that the handling of possible or actual data spills of classified information resident in NAWCWD ISs is conducted in accordance with DoD Manual 5200.01, Volume 3, "DoD Information Security Program: Protection of Classified Information," February 24, 2012, as amended.
11. Ensure that any cybersecurity-related events or configuration changes that may impact system authorization or security posture are formally reported to the ISSM and/or AO and other affected parties.
DS-04:
Specific duties include but are not limited to:
1. Maintain the organization's cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures in direct collaboration with the Cyber Security Directorate (CSD).
2. Act as a cybersecurity technical advisor for the organization and to the AO for the systems under their purview.
3. Assisting in securing nationwide multi-level security information systems, works directly with the ISSM and other organizations, Navy and non-Navy, to formulate new policies and procedures for risk analysis and risk management solutions that can be adapted and applied to future systems.
4. Communicate and collaborate with the Command ISSM (CISSM) and Command Security Manager in areas of mutual interest and impact.
5. Analyze customer information systems for risk to the organization.
6. Maintain a repository for all cybersecurity-related documentation, i.e. Cybersecurity Workforce (CSWF) management and tracking, Certification and Accreditation (C&A), and Computer Network Defense (CND).
7. Monitor information systems and user compliance with cybersecurity policy, as appropriate, and review the results of such monitoring.
8. Ensure that any cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations.
9. Ensure implementation of IS security measures and procedures, including reporting incidents to the ISSM or CISSM, Authorizing Official (AO) and appropriate reporting chains and coordinating system-level responses to unauthorized disclosures in accordance with DoD Manual 5200.01, "DoD Information Security Program," February 24, 2012.
10. Ensure that the handling of possible or actual data spills of classified information resident in NAWCWD ISs is conducted in accordance with DoD Manual 5200.01, Volume 3, "DoD Information Security Program: Protection of Classified Information," February 24, 2012, as amended.
11. Ensure that any cybersecurity-related events or configuration changes that may affect the system authorization or security posture of the IS are formally reported to the ISSM/CISSM and/or AO and other affected parties.
Additional functions commonly performed by employees in this specialty may include:
-- Assist the Information Systems Security Manager (ISSM) by developing policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data;
-- Assume ISSM responsibilities in the absence of the ISSM;
-- Conducting risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs;
-- Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals;
-- Conducting systems security evaluations, audits, and reviews;
-- Developing systems security contingency plans and disaster recovery procedures;
-- Serve as member of the Change Control Board (CCB);
-- Developing and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures;
-- Participating in network and systems design to ensure implementation of appropriate systems security policies;
-- Assessing security events to determine impact and implementing corrective actions; and/or
-- Ensuring the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services.
-- Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly;
-- Ensure audit records are collected, reviewed, and documented (to include any anomalies).
Position Duties/Responsibilities
DS-05:
1. Maintain the organization's cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures in direct collaboration with the Cyber Security Directorate (CSD).
2. Act as a cybersecurity technical advisor for the organization and to the AO for the systems under their purview.
3. As a cybersecurity subject matter expert in securing nationwide multi-level security information systems, works directly with the ISSM and other organizations, Navy and non-Navy, to formulate new policies and procedures for risk analysis and risk management solutions that can be adapted and applied to future systems.
4. Communicate and collaborate with the Command ISSM (CISSM) and Command Security Manager in areas of mutual interest and impact.
5. Analyze customer information systems for risk to the organization.
6. Maintain a repository for all cybersecurity-related documentation, i.e. Cybersecurity Workforce (CSWF) management and tracking, Certification and Accreditation (C&A), and Computer Network Defense (CND).
7. Monitor information systems and user compliance with cybersecurity policy, as appropriate, and review the results of such monitoring.
8. Ensure that any cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations.
9. Ensure implementation of IS security measures and procedures, including reporting incidents to the ISSM or CISSM, Authorizing Official (AO) and appropriate reporting chains and coordinating system-level responses to unauthorized disclosures in accordance with DoD Manual 5200.01, "DoD Information Security Program," February 24, 2012.
10. Ensure that the handling of possible or actual data spills of classified information resident in NAWCWD ISs is conducted in accordance with DoD Manual 5200.01, Volume 3, "DoD Information Security Program: Protection of Classified Information," February 24, 2012, as amended.
11. Ensure that any cybersecurity-related events or configuration changes that may affect the system authorization or security posture of the IS are formally reported to the ISSM/CISSM and/or AO and other affected parties.
Additional functions commonly performed by employees in this specialty may include:
-- Assist the Information Systems Security Manager (ISSM) by developing policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data;
-- Assume ISSM responsibilities in the absence of the ISSM;
-- Conducting risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs;
-- Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals;
-- Conducting systems security evaluations, audits, and reviews;
-- Developing systems security contingency plans and disaster recovery procedures;
-- Serve as member of the Change Control Board (CCB);
-- Developing and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures;
-- Participating in network and systems design to ensure implementation of appropriate systems security policies;
-- Assessing security events to determine impact and implementing corrective actions; and/or
-- Ensuring the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services.
-- Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly;
-- Ensure audit records are collected, reviewed, and documented (to include any anomalies).
Act in a lead capacity and oversee teams and projects.
Minimum Salary
69,729
Maximum Salary
$156,323
Our work in leading-edge defense systems, engineering, computer science, electronics, finance, logistics, and contract management provides our Sailors and Marines with the capabilities they need to accomplish their mission and return home safely.
NAVAIR’s culture is as rich and diverse as its people. Civilians work side-by-side with military personnel to accomplish the NAVAIR mission.