Compliance ISSO and Enterprise Cybersecurity Security Architect

Booz Allen Hamilton•McLean, VA

1d•$99,000 - $225,000•Remote

About The Position

Enterprise Cybersecurity (ECS) Governance, Risk and Compliance (GRC) plays a pivotal role in safeguarding the organization's sensitive information and ensuring compliance with stringent cybersecurity regulation and guidance. As the Information System Security Officer (ISSO) for Impact Level 5 (IL5) environments, you will serve as the subject matter expert bridging regulatory compliance and guidance with security architecture and engineering execution. You will translate stringent IL5 mandates into actionable technical requirements for implementation teams. You will partner directly with system architects and engineers to evaluate topologies, configurations, and ensure security controls are effectively implemented. The Information Security Risk Specialist will lead with a hands-on approach to ensure that security and compliance are achieved across IL5 environments. Due to the nature of work performed within this facility, U.S. citizenship is required. Join us. The world can’t wait.

Requirements

10+ years of experience in cybersecurity and GRC
Experience in cybersecurity, network security architecture, and engineering with GRC roles, such as Security Control Assessor (SCA), Information System Security Officer (ISSO), Information System Security Engineer (ISSE), or Information Systems Security Manager (ISSM)
Experience evaluating and advising on technical security implementations
Experience performing in-depth technical assessments of network architectures, system configurations, and scan results to evaluate true control effectiveness beyond standard paperwork compliance
Knowledge of network defense tools
Knowledge of Department of Defense (DoD), Federal Information Security Modernization Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST), Risk Management Framework (RMF), DevSecOps principles, and Infrastructure as Code (IAC) for security controls, assessments, and risk mitigation into specific, actionable technical tasks for IL5 environments
Ability to manage the full risk lifecycle, from identifying technical vulnerabilities to guiding engineering teams through the implementation of mitigation strategies and final closure.
HS diploma or GED
U.S. citizenship is required.

Nice To Haves

Experience bridging the communication gap between highly technical engineering staff and executive leadership, clearly translating technical system risks into business impact
Experience identifying architectural or network problems, determining pragmatic engineering solutions, and executing with minimal supervision to uphold IL5 compliance
Ability to quickly comprehend complex technical problems, draw logical conclusions, and make sound decisions to drive remediation to closure
Bachelor’s degree
Cybersecurity Certifications such as EC-Council, GIAC, ISC2, AWS, or PMI Certifications

Responsibilities

Serve as the subject matter expert bridging regulatory compliance and guidance with security architecture and engineering execution.
Translate stringent IL5 mandates into actionable technical requirements for implementation teams.
Partner directly with system architects and engineers to evaluate topologies, configurations, and ensure security controls are effectively implemented.
Lead with a hands-on approach to ensure that security and compliance are achieved across IL5 environments.
Manage the full risk lifecycle, from identifying technical vulnerabilities to guiding engineering teams through the implementation of mitigation strategies and final closure.