Information System Security Officer (ISSO)

Peraton | Bowie, MD
1d | Onsite

About The Position

Peraton is looking for an experienced Information System Security Officer (ISSO) to join our team on the Brand New Air Traffic Control System (BNATCS). The ideal candidate will have experience supporting NIST and FedRAMP lifecycle activities; have regularly interfaced with senior government leadership, authorizing officials, program managers, and technical teams to communicate information system cybersecurity requirements, posture, risk impacts, compliance status, etc.; and have a demonstrated history of supporting information system authorization efforts, continuous monitoring activities, and audit readiness initiatives while maintaining mission continuity.

Requirements

  • Minimum of a Bachelor’s degree with 8+ years of experience, Master's degree with 6+ YoE, or Ph.D. with 3+ YoE in an Information System Security Official (ISSO) role for one or more government information systems
  • Strong experience working with Federal Information Processing Standards (FIPS), FISMA, FedRAMP, and other cybersecurity-related laws, regulations, and directives
  • Well versed in developing, documenting, maintaining, and shepherding information system security plans (SSPs) through all phases of the NIST Risk Management Framework from Prepare and Categorize through Authorize and Monitor
  • Self-motivated and tenacious about cybersecurity with the ability to work effectively under pressure and manage multiple priorities in a fast-paced environment
  • Excellent communication skills and ability to demonstrate sound judgment, integrity, and strong problem-solving skills
  • US Citizenship with the ability to obtain/maintain an FAA suitability background investigation
  • This is a 100% on-site position; candidates must be local and willing to commute to our Chantilly/Herndon, VA or Bowie, MD locations.

Nice To Haves

  • Degree in Information Technology, Cybersecurity, Computer Science, or related IT field
  • One or more of the following professional certifications: CISA, CRISC, CISM, or CISSP
  • In-depth knowledge of FAA’s Security Policy 1370.121B and 1600.75, and an understanding of DOT and FAA Security Policies

Responsibilities

  • Work closely under the supervision of the Governance Risk and Compliance (GRC) Lead, and with system engineers, architects, and other security personnel within the Peraton National Airspace Sector (NAS) to ensure information system control measures are tailored, documented, implemented, operating as intended, and producing desired results
  • Support authorization activities by developing, maintaining, and controlling information system security plan (SSP) documentation in accordance with federal guidelines. This documentation includes, but is not limited to: Contingency Plans, Disaster Recovery Plans, Incident Response Plans, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plans, other checklists, templates, and tools to aid in Security Assessment and Authorization (A&A) processes
  • Conduct information system security control reviews, produce documented findings, and recommend remediation efforts
  • Monitor information system security posture and coordinate vulnerability remediation with technical teams
  • Produce, track, and manage Plan of Action and Milestone (POA&M) corrective actions from identification through closure
  • Review system changes for security impact and ensure process and compliance requirements are addressed
  • Support internal and external audits by preparing information system artifacts and responding to auditor information requests
  • Assist with incident reporting and security event coordination
  • Collaborate with cross-functional teams to integrate cybersecurity requirements into operational processes