Ensure a process for managing changes in user access to ISs (as required access and need-to-know change) and for terminating user access when it is no longer required or authorized, according to established policy requirements
Ensure general users and privileged users are trained in the specific knowledge needed for them to safely operate and maintain the ISs to which they have access, including general security awareness and specialized privileged user training
Disseminate, control, and manage the issuance of user identifications and passwords for assigned ISs, and provide authorized lists to appropriate system administrators.
Develop, implement, and enforce information systems security policies
Ensure that system security requirements are addressed during all phases of the IS lifecycle
Manage the review and release of media and/or memory components
Develop and maintain System Security Plans (SSPs) and all other system security documentation, reviewing and updating them at least annually for all assigned systems
Author or coordinate the development of other required system plans: Configuration Management Plan (CMP), Contingency Plan (CP), Continuity of Operations (COOP) and Disaster Recovery Plan (DRP) (as required) , and Incident Response Plan (IRP)
Support risk assessment and evaluation activities throughout the Certification and Accreditation (C&A) or site accreditation process
Implement a strategy for continuous monitoring for assigned systems including: Establishing system audit trails and ensuring their review, reporting all identified security findings and initiating the periodic review of security controls
Ensure compliance with annual Federal Information Security Management Act (FISMA) deliverables and reporting, if required for assigned ISs
Ensure security awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code or other adverse IS conditions. This includes exercise of continuity and/or disaster recovery plans, as required
Initiate, with ISSM or CSO approval, protective and corrective measures when a security incident or vulnerability is discovered. Monitor IS recovery processes and ensure proper restoration of IS security features
Oversee IS recovery processes for all unplanned outages, including Disaster Recovery and initiation of the CP, whether actual or exercise
Advises the System Owners regarding security considerations in the various applications
Serves as a resource for users concerning all security questions regarding assigned systems and applications
Works closely with the System Administration to maintain the various system and application certifications and accreditations (C&A) status
Ensure that all users have the requisite security clearances, authorization, and need-to know before granting access to the IS, and administer/witness signing of user agreements and or Rules of Behavior
Research and maintains knowledge of Information Assurance (IA) policies and practices, seeking clarification from the ISSM or higher authority when needed, and disseminates these to users
Perform leadership responsibilities to mentor and provide direction to more junior-level team members, as requested