Organizational Computer Security Officer Representative

at  Rothe Development Inc

ORGANIZATIONAL COMPUTER SECURITY OFFICER REPRESENTATIVE

Rothe Development, Inc. has an immediate opening for an Organizational Computer Security Officer Representative (OCSO-R) under the Mission Enabling Services Contract (MESC) Baseline B. MESC B supports the Flight Operations Directorate (FOD) at Johnson Space Center.

SKILLS / EXPERIENCE / EDUCATION / CERTIFICATIONS

• Ability to effectively coordinate A&A activities for information systems to meet milestone requirements
• Certified Authorization Professional (CAP) is required
• Certified Information Systems Security Professional (CISSP) certification is required
• BA/BS degree with 2 -5 years’ experience
• Strong familiarity with National Institute of Standards in Technology (NIST) 800-53
• Knowledge of information technology concepts used in the evaluation of security performance and integrity of state-of-the-art applications, communications systems, hardware, software, and information processing systems.
• Technical understanding of information technology systems, software, and networks.

• Provide support for effective and comprehensive Assessment and Authorization (A&A) services for NASA FOD information systems, including OT and cloud systems. Supported services include but are not limited to the following:
  o Security categorization support
  o Control selection and tailoring
  o Control implementation
  o System security plan development and maintenance
  o Risk assessments
  o Security control self-assessments, including cloud provider controls
  o Continuous monitoring strategy development, maintenance, and implementation

o Authorization decision support

• Develop and maintain system security authorization documentation
• Prepare and brief initial and ongoing authorization products as directed by the Government
• Support the development and maintenance of detailed and accurate System Security Plans (SSP), including security documentation for component and interface specifications, to support appropriate cybersecurity and privacy throughout the information systems’ life cycle
• Assist in the development and maintenance of effective Agency processes for implementing A&A requirements, that are consistent across all NASA organizations and information systems but flexible enough to support specific system or mission needs
• Assist the Government in developing, maintaining, communicating, and implementing a methodology for determining the appropriate rigor for performing A&A services for each information system, commensurate with the information system’s level of risk and other relevant criteria
• Assist in the performance of risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change
• Track and manage Plans of Actions and Milestones (POA&M) in NASA’s authoritative A&A repository
• Ensure that accepted risks are documented, including documentation to support risk acceptance decisions, and reviewed regularly in accordance with NASA A&A policies and procedures
• Prepare any necessary documentation, participate in interviews, and work with Security Control Assessors to support any other methods necessary to complete the security control assessment to ensure accurate assessment findings
• Assist the FOD OCSO and OSCO alternates in all roles and duties as defined and enumerated in NASA Procedural Requirements (NPR) 2810.F Security of Information and Information Systems