Information Systems Security Director

University of Oklahoma

Oklahoma, OK

ID: 7108333 (Ref.No. ta220662)
Posted: August 17, 2022
Application Deadline: Open Until Filled

Job Description

--- 

The Information System Security Director (ISSD) reports directly to the Chief Information Security Officer, under the Office of Information Technology (IT) at the University of Oklahoma (OU). The ISSD also works in conjunction with the Facility Security Officer, under the Office of the Vice President for Research and Partnerships (OVPRP) at the University of Oklahoma. The ISSD will plan, program, budget, implement, manage, and oversee circuit management, classified information systems, networking equipment, encryption equipment, Communications Security (COMSEC), and all aspects of a secure Information Technology environment. The ISSD will be responsible for developing all supporting documents, policies, and checklists to establish required capabilities and sustain classified or regulated information systems. This position will work closely with the Defense Counterintelligence and Security Agency (DCSA) and federal authorities to ensure compliance for OU Classified Research IT capabilities.

Duties:

  • Developing, maintaining, and overseeing the system security program and policies for OU classified research and controlled unclassified research.
  • Ensuring compliance with current cyber security policies, concepts, and measures when designing, procuring, adopting, and developing new systems.
  • Ensuring the fulfillment of IO data requirements including incident response, collection, dissemination, and disposal.
  • Developing and implementing an effective system security education, training, and awareness program.
  • Maintaining a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
  • Assess and remediate vulnerabilities and mitigate risks using the SCAP Tool and POA&M Template in accordance with the National Industrial Security Program (NISP) and other contract-driven customer requirements.
  • Conduct self-inspections, vulnerability assessments, and system auditing.
  • Perform duties as the COMSEC Responsible Officer (CRO) for Cryptographic materials and COMSEC Controlled Equipment as required.
  • Utilize the NISPOM as well as the DCSA Assessment and Authorization Process Manual (DAAPM) 2.2 to ensure compliance with Information System Security requirements.
  • Conduct other responsibilities as specified in the DAAPM and other federal regulations, policies, and guidance as required.
  • Other duties as assigned.
 

Job Requirements

--- 

Required Education: Bachelor's degree in Information Systems, Computer Science, other related field or specialized training required

  • 24 months of experience working as an ISSM or ISSO and familiarity with the DCSA Enterprise Mission Assurance Support Service (eMASS).

Skills:

  • Experience working with the DCSA Assessment and Authorization Process Manual, NIST Risk Management Framework, and NIST 800-53
  • Must be an effective communicator highly proficient in both oral presentation and written communication.

Certifications:

  • Must possess a TOP SECRET Department of Defense Security Clearance or ability to obtain.
  • In accordance with DoD 8570.01M and the DAAPM, the selected individual must have an IAM/T Level III Baseline Certification or attain one within 6 months of any of the following conditions: USG-identified requirement, research contractual requirement, or after being directed by the FSO.

Advertised Physical Requirements:

  • Must be able to engage in repetitive motions and communicate effectively. Frequent exposure to pressure caused by deadlines and busy periods; ability to communicate, including expressing oneself or exchanging information with others; ability to use a computer daily.

Department Preferences:

  • Prior experience working with the Federal Government (DOD, DHS, IC or DOE) or working with industry or academic research environments.
  • Counterintelligence training and risk management program development.
  • Experience with Security Technical Implementation Guides (STIGs), Security Content Automation Protocol (SCAP) Compliance Checker (SCC), and knowledge of Information Assurance Vulnerability Alerts (IAVAs).

Supervision: 1-5 Staff

 

Special Instructions: