NOVA Corporation is 100% tribally owned by the Navajo Nation.
NOVA Corporation is dedicated to providing outstanding services to its customers and employees. Our strength is in our ability to understand our client's needs and deliver a solution that will not only meet those needs but exceed their expectations.
NOVA Corporation strives to be innovative in all areas of business and is committed to technical excellence. Our corporate offices are located on the Navajo Nation reservation in Window Rock, Arizona, Chambersburg, Pennsylvania, Albuquerque, New Mexico, and Columbia, Maryland.
NOVA Corporation provides unique, custom solutions to meet our customers’ communications needs. Our solutions provide communication capabilities using modern technology. At their most complex, they are multi-purpose systems that gather information from dozens of different sources. The information is presented to decision makers immediately, visually, clearly.
NOVA Corporation is an equal opportunity/affirmative action employer subject to the Navajo Preference in Employment Act.
NOVA is seeking an Information System Security Officer (ISSO) to secure multiple networks using the DoD RMF framework and assist with the transition from DIACAP to RMF. The ISSO will help shape and enhance the security and Information Assurance (IA) and cybersecurity posture for our client’s networks. This includes assisting with system classification, system authorization processes, and the drafting, tracking and following up on Plans of Actions & Milestones (POA&M's). The ISSO will be responsible for defining and executing the processes for how the client provides the status on all POA&M's and make recommendations to achieve full Authority to Operate for systems and applications. Additionally, the ISSO's duties include providing cybersecurity guidance and support to the information technology support team to ensure the proper certification and accreditation of all government systems and networks.
• Prepares, distributes, and maintains plans, instructions, guidance, and standard operational procedures concerning Information Security.
• Participates in IA risk assessments during the C&A process.
• Prepares, reviews, and evaluates documentation of compliance.
• Prepares recommendations for the AO.
• Reviews IA and IA enabled software, hardware, and firmware for compliance with appropriate security configuration guidelines, policies, and procedures.
• Reviews IA security plans.
• Identifies alternative functional IA security strategies to address organizational security concerns.
• Reviews security safeguards to determine that security concerns identified in approved policies, plans, and doctrine have been fully addressed.
• Develops and implements programs to ensure that systems, network, and data users are aware of, understand, and follow IA policies and procedures.
• Develops, implements, and maintains information security programs appropriate for multiple networks
• Implements effective security monitoring protocols; appropriately responds to and remediates information security threats
• Manages information security compliance efforts, with an emphasis on regulatory requirements (DIACAP, RMF)
• Conducts information security risk assessments and effectively communicates risk to program manager and client
• Interacts with various departments and individuals across the enterprise to achieve information security objectives
• Assures successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals
• Develops procedures to maintain security and protect systems from security threats. Works with IT Support Manager to ensure that best practices are incorporated into policy in support of our quality management efforts
• Provides leadership and concurrence in configuration control, planning and implementation of projects for computer security and enterprise systems administration
• Ensures adherence to IA/cybersecurity policies, procedures and training for all assigned staff
• Serves as the primary point of contact for IA/cybersecurity policy, guidance, and DIACAP Certification and Accreditation (C&A) and RMF requirements and implementation
• Experience with DOD 8510 (DIACAP and RMF), DoD 6510 and 8500 series instructions, and NIST 800 series guidance
• Experience with IAVMs, DISA STIGs, POA&Ms, and related Federal/DoD policies and regulations
• Experience working with information security practices, networks, software, and hardware
• Strong analytical and problem solving skills for resolving security issues
• Good organization skills to balance work and lead projects
• Basic leadership skills to effectively mentor and lead junior level personnel
• Good interpersonal skills to interact with customers and team members
• Strong communication skills to interact with team members and support personnel
• Ability to work in a team environment
• Required: DOD 8570-01M IAT Level II certification (CompTIA Security +, CASP, CeH, or equivalent)
• Preferred: DoD 8570-01M IAT Level III certification (CISSP, CISA, or equivalent)
• Required: Minimum Associates degree in computer sciences, information security, or related field with 5-7 years’ relevant experience
• Preferred: Bachelor’s Degree in computer sciences, information security, or related field with 3-5 years relevant experience