Information System Security Officer (ISSO) - Hybrid

About The Position

Requirements

• Strong working knowledge and familiarity with NIST publications and privacy frameworks.
• Demonstrated understanding of cloud service models, hybrid models, financial applications, and mobile security technologies and tools.
• Demonstrated experience supporting an industry risk management tool executing A&A activities.
• Ability to identify and assess risks and recommend appropriate remediation strategies.
• Must be well-organized and detail-oriented with the ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments
• Ability to work independently and with teams
• Professional and polished interpersonal and communication skills
• Proficient with Microsoft Office to include Outlook, Word, PowerPoint, and Excel
• Completed Bachelor’s degree from an accredited university in an IT related field.
• Ability to obtain a clearance or a Public Trust is preferred, however all clearance levels and non-cleared applicants will also be considered.
• One or more of the following certifications: Security+, Network+, CASP, CISA, CEH, or other industry recognized certification
• At minimum 5+ years of hands-on work experience with ISSO duties; performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful security authorization of such systems.

Nice To Haves

• CISSP or CISM certification

Responsibilities

• Ensure the assigned FISMA systems maintain their ATO through independent security assessment and authorization;
• The ISSO shall have oversight responsibility to ensure proper access controls have been implemented and managed;
• ISSO shall ensure audit logs are reviewed at an agreed upon frequency, where the frequency may increase if warranted by incident or situational awareness. When reviewing logs, some events will require follow-up inquiries to determine if a problem exists, whether corrective action is required, or if there is another explanation.
• Be responsible for conducting assessments of controls for their system to ensure the controls have been implemented properly and are still effective where the risk posture is documented in a system risk assessment report.
• Ensure documents provided to auditors are what was requested and approved for release. Documents provided to auditors should be properly labeled so that the auditor is aware if they contain sensitive information.
• Ensure that new vulnerabilities are evaluated by the respective subject matter expert and corrective action implemented.
• Follow agreed on procedures when providing documents;
• Collaborate with the Security Engineer in conducting security impact assessments on change to their respective FISMA systems.
• Collaborate with the Security Operations Center in reviewing vulnerability and compliance scan results at an agreed upon frequency. Any findings in the scan results are to be tracked as a corrective action plan and managed in CSAM as a POAM

Benefits

• Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets.
• Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities.
• You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more.
• You’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support memberships, and comprehensive insurance options.