(603) Information System Security Officer (ISSO) III

Company Summary Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future.  Position Description: The Information System Security Officer (ISSO) III will support Naval Surface Warfare Center Philadelphia Division (NSWCPD) as a contractor through Arlo Solutions, serving as a key cybersecurity professional for NSWCPD Code 104. This key personnel position is responsible for coordinating cybersecurity processes and activities for assigned systems, ensuring compliance with all applicable policies, and managing security controls implementation throughout the Risk Management Framework (RMF) lifecycle. Location:  Philadelphia, PA Clearance:  Active Secret Responsibilities and/or Success Factors: Cybersecurity Compliance and Policy Implementation  Assist the Information System Security Managers (ISSM) in executing their duties and responsibilities Ensure compliance with all NAVSEA, DON, and DoD cybersecurity policies  Ensure relevant cybersecurity policy and procedural documentation is current and accessible  Coordinate cybersecurity processes and activities for assigned systems  Report changes in system security posture to the ISSM Security Assessment and Authorization (A&A) Management  Maintain and report Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers, Information System Owners, and ISSMs Provide oversight of Security Plans for assigned systems throughout their lifecycle  Manage and maintain Plan of Actions and Milestones (POA&M), tracking vulnerabilities through remediation  Assist with identification of security control baselines and applicable overlays  Coordinate the validation of security controls with Navy Qualified Validators (NQV)  Perform Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews  Adjudicate findings from Package Submitting Officer (PSO) System Security Management Register and maintain systems in Enterprise Mission Assurance Support Service (eMASS)  Plan and coordinate security control testing during Risk Assessments and Annual Security Reviews  Maintain vulnerability data in Vulnerability Remediation Asset Manager (VRAM)  Participate in change control and configuration management processes  Ensure execution of Continuous Monitoring requirements as defined in system strategies  Review all data produced by Continuous Monitoring activities and update eMASS records as necessary  Correlate findings from non-RMF vulnerability assessments to RMF controls for holistic risk assessment Cybersecurity Analysis and Reporting  Perform analysis of logs, events, and reporting from various data collection tools  Assess impacts from observed risks and report via the Cybersecurity Program chain of command  Present data to management in a comprehensive and cohesive manner  Develop reports and produce procedural documentation as required  Evaluate system administrator, security engineer, and/or system owner proposed corrections Minimum Qualifications Including Certificates: Must be a U.S. Citizen  Active Secret security clearance  Bachelor's degree in computer science, information technology, communications systems management, or equivalent STEM degree from an accredited college or university  Minimum 6 years of experience coordinating and implementing security changes, ensuring compliance with published policies, conducting cybersecurity vulnerability and threat analysis, and supporting cyber incident response  Current IAM-II certification (CAP, CASP+ CE, CISM, CISSP, GSLC, CCISO, or HCISPP) Desired Qualifications:  Experience with the DoD Information Assessment and Authorization (A&A) process  Familiarity with Risk Management Framework (RMF) implementation  Proficiency with eMASS, VRAM, and other DoD cybersecurity systems  Experience with NIST Special Publications and DoD/Navy cybersecurity directives  Experience with vulnerability management tools (ACAS, HBSS, etc.)  Knowledge of Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) AAP Statement We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.   Offices: (NSWCPD Philadelphia);