Information System Security Officer (ISSO)

CACI•Chantilly, VA

16d

About The Position

Exciting Opportunity: Join Our Dynamic Cybersecurity Team as an Information Systems Security Officer (ISSO)! Are you passionate about cybersecurity and eager to make a significant impact? We are thrilled to announce an opening for a dedicated and detail-oriented Information Systems Security Officer (ISSO) to join our innovative cybersecurity team. In this role, you will play a pivotal part in our Continuous Monitoring program, ensuring alignment with Federal guidelines and standards. Why You’ll Love This Role: As an ISSO, you will be at the forefront of protecting our information systems, contributing to a secure and compliant environment. You’ll work with a talented team, leveraging your expertise in the Risk Management Framework (RMF) and NIST SP 800 series publications to enhance our security posture.

Requirements

Clearance: An active TS/SCI with Polygraph.
Experience: BS/BA or equivalent experience and a minimum of 7 years in a related field.
Specialized Experience: 2-5 years in information security, with a strong focus on continuous monitoring and RMF.
Certifications: Relevant certifications such as Security+, CISSP, CISM, or CAP.
Knowledge: In-depth understanding of NIST SP 800 series publications, especially SP 800-37, SP 800-53, and SP 800-137.
Regulations: Familiarity with Federal information security regulations and guidelines (e.g., FISMA, FedRAMP).
Tools: Experience with security tools like vulnerability scanners, SIEM systems, and GRC platforms.
Skills: Strong analytical and problem-solving skills, coupled with excellent written and verbal communication abilities.
Team Player: Ability to work effectively in a team environment and collaborate with various stakeholders.

Nice To Haves

Government Experience: Experience in a government or government contractor environment.
Automation: Familiarity with automation tools for continuous monitoring processes.
Tenable: Experience with Tenable.
Splunk: Experience with Splunk.
Qmulos Q-Audit: Experience with Qmulos Q-Audit.

Responsibilities

Implement and Maintain Continuous Monitoring: Develop and sustain a robust Continuous Monitoring program in line with RMF and NIST SP 800-137 guidelines.
Conduct Security Assessments: Perform regular security assessments and vulnerability scans to identify and mitigate potential risks.
Real-Time Monitoring: Keep a vigilant eye on security controls and their effectiveness, ensuring our systems remain protected around the clock.
Trend Analysis: Analyze security-related data to spot trends and emerging threats, allowing us to stay one step ahead.
Documentation: Prepare and maintain comprehensive documentation for security status reporting, ensuring transparency and compliance.
Collaborative Remediation: Work closely with system owners and stakeholders to address security findings and implement effective remediation plans.
System Security Plans: Assist in creating and updating System Security Plans (SSPs) and other essential RMF documentation.
ATO Support: Provide vital support for the Authorization to Operate (ATO) process, ensuring our systems meet all necessary standards.
Stay Current: Keep abreast of the latest cybersecurity threats, technologies, and compliance requirements to continually enhance our defenses.
Incident Response: Participate in incident response activities, helping to swiftly address and resolve security incidents.