SMC - Information System Security Officer
Listed on 2026-07-08
-
IT/Tech
Cybersecurity, Information Security
Position Summary
Ensure the appropriate operational security posture for the Specific Manufacturing Capability (SMC) Information System (IS) is maintained, including implementation of DoW and SMC Site cybersecurity policies, practices, and procedures. Work with IS owners, the Information System Security Manager (ISSM), and serve as advisor on all matters, technical and otherwise, involving security of the IS.
Essential Job Functions and Responsibilities- Conduct audits of SMC IS to ensure compliance with Joint Special Access Program (SAP) Implementation Guide (JSIG) and DoW Cybersecurity Service Provider (CSSP) requirements.
- Lead and direct the development of IS accreditation packages (e.g., system security plan, security control assessment, risk assessment) in accordance with federal directives and the Risk Management Framework (RMF).
- Report all security‑related incidents to the ISSM.
- Integrate applicable IS requirements, controls, and processes into design specifications in accordance with DoW established standards, policies, procedures, guidelines, directives, regulations and laws.
- Act as subject matter expert on security of basic network and telecommunications services/data, including perimeter defense strategies, defense‑in‑depth strategies, and data encryption techniques.
- Coordinate changes or modifications to hardware, software, or firmware with the ISSM and AO/DAO prior to implementation.
- Collect, review, and document audit records (including anomalies).
- Ensure all IS security‑related documentation is current and accessible to authorized individuals.
- Lead in maintaining change control and configuration management of the IS to protect the system and data.
- Perform data collection, analysis, reporting, and briefing activities associated with security operations and maintenance.
- Verify cybersecurity awareness training and requirements are current for IS users; develop training material as needed.
- Coordinate with management and security offices to ensure IS users have required security clearances and need‑to‑know authorizations before accessing IS; collect and track user documentation.
- Identify, categorize, investigate, isolate, assess, and report IS cybersecurity incidents in coordination with other organizations.
- Participate in creation, review, and assessment of policies and procedures supporting secure use and operation of SMC information systems (e.g., system security plans, vulnerability management, risk management, configuration management, change management).
- Promote awareness of cyber policy and strategy among management.
- Assist the ISSM and assume ISSM responsibilities in their absence.
- Attend required technical and security training (e.g., operating system, networking, security management).
- Maintain required IA certifications.
- Perform other duties as assigned.
- Level 4 – Bachelor’s degree with 9 years experience, or Master’s degree with 6 years experience, or PhD with 4 years experience.
- Relevant experience commensurate with level.
- Must hold DoD 8570/8140 IAM Level II certification (CISSP, CAP, CISM, GSLC). CISSP or CISM preferred; otherwise obtain within 6 months of hire.
- Working experience with NIST 800‑53, CNSS 1253, FISMA, and/or JSIG Rev 4.
- Strong analytical and problem‑solving skills.
- Must be a U.S. citizen and hold an active DOE “Q” clearance (or DOD/DOJ equivalent).
Frequent standing, walking, sitting, stooping, kneeling, bending, hand use, tool manipulation, keyboard use, reaching, and occasional lifting of up to 30 pounds. Sufficient visual acuity and hearing capacity required. Reasonable accommodations may be provided.
Working ConditionsOffice environment that may include stairs; moderate noise level with occasional loud noises. Requires working more than 8 hours/day, irregular hours, and sometimes alone.
Security and Privacy LanguageThis position includes information security and privacy responsibilities as defined by NIST SP 800‑53, OMB Circular A‑130, and DOE Order 206.1A. The incumbent must complete initial and annual role‑specific training, sign all required access agreements, and comply with all applicable information…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).