Information System Security Officer (ISSO)

About The Position

Requirements

• Active TS/SCI Clearance
• HS. Diploma
• Minimum of 3 years of experience
• Security+ Certification
• Ability to work onsite, at the customer site, in a Secure Compartmented Information Facility (SCIF) as required, dependent on workload.
• 3-5 years Cybersecurity experience, to include general working knowledge of network infrastructure, i.e., OSI Model.
• Working knowledge/familiarity with DHS Assessment and Authorization (A&A).
• Working knowledge and experience with CSAM GRC Tool and the NIST RMF.
• Knowledge of the process to obtain a system ATO and requirements to maintain the ATO.
• Experience working with system stakeholders to assess and manage system cybersecurity risk
• Ability to synthesize complex IT system information and communicate system status and requirements in written products and verbal presentations.
• Ability to write clear, concise, and effective security control implementation statements
• Familiarity with configuration settings and vulnerability management analysis of infrastructure devices.
• Ability to draft a complete ATO package, to include the SSP.
• Ability to work independently and within given timelines.
• DHS Experience

Nice To Haves

• BS in Computer Science, Information Technology, or related field
• CISSP, Security+, CGRC (formerly CAP), CISM

Responsibilities

• Conduct initial Security Assessment and obtain ATO, in line with NIST SP 800-37 Rev. 2.
• Maintain the Security Authorization or Authorization to Operate (ATO) of assigned system(s).
• Manage all aspects of Assessment and Authorization (A&A) of a small portfolio of classified systems.
• Advise and assist the customer throughout the entire lifecycle of the Assessment and Authorization (A&A) process to include the development of System Security Plans (SSP).
• Provide security engineering guidance and expertise to development teams that deploy new IT systems or integrating new technologies into existing systems.
• Continuously update all Security Authorization documentation to maintain assigned system’s ATO or system go live dates.
• Select the baseline security controls for the IT system, using CSAM, and tailor where appropriate.
• Document all relevant NIST 800-53 Security Controls for assigned IT systems in the SSP.
• Perform and document initial and annual risk self-assessments of all systems assigned
• Develop and document all supporting Security A&A artifacts (i.e., PTA, SSP, ITCP, BIA, CMP, MOU, ISA).
• Produce Security Authorization package for Authorizing Official (AO) signature including ATO.
• Track the deployment of software to the environment that is not part of the base image.
• Conduct security impact analyses of proposed changes, provide recommendations.
• Ability to analyze configuration settings, implementation of STIGs, and conducting manual checklists.
• Generate Plan of Actions & Milestones (POA&Ms), with meaningful milestones, for each non-compliant control for assigned IT Systems.