Information System Security Officer - Mid

CACI International | Washington, DC
$90,300 - $189,600 | Onsite

About The Position

CACI is searching for an Information System Security Officer - Mid to support the FEMA Office of the Chief Information Security Officer (OCISO) in Washington, D.C. As an Intermediate ISSO, you will play a crucial role in ensuring the security and compliance of FEMA's information systems. You will work in a dynamic environment, collaborating with Lead ISSOs, IT system owners, stakeholders, and cybersecurity professionals to implement and maintain robust security controls. Your efforts will directly contribute to safeguarding FEMA's mission-critical systems and data. The Intermediate ISSO will be responsible for technical cybersecurity efforts in coordination with Lead ISSOs, providing direct support to the Compliance Branch Lead. Serving as a point of contact for technical cybersecurity matters related to quantifying technical risk, the Intermediate ISSO will execute Risk Management Framework activities for ATO decisions, ensure confidentiality, integrity, and availability of FEMA Information Systems, and implement security controls throughout the system lifecycle. This position requires maintaining a security posture in compliance with FISMA, DHS 4300 Series, NIST, and DHS and Component Directives.

Requirements

  • U.S. Citizenship required
  • Active Secret security clearance required
  • FEMA EOD suitability or current DHS or FEMA EOD preferred
  • BS/BA + 10 years of applicable experience or equivalent combination
  • Must have one of the following Information Assurance Technician (IAT) Level III qualifications: Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA Advanced Security Practitioner (CASP+)
  • Minimum 5 years of experience in information security
  • Demonstrated expertise in RMF, Information Security processes, FISMA, NIST SP 800-37, NIST SP 800-53
  • Experience developing security documentation including SSPs, POA&Ms, and Contingency Plans
  • Knowledge of DHS 4300 Series and federal cybersecurity requirements
  • Experience with continuous monitoring and vulnerability management

Nice To Haves

  • Previous DHS or DoD experience
  • Experience with CSAM, RegScale, eMASS, or similar GRC tools
  • Cloud security experience with AWS, Azure, or other platforms
  • Knowledge of FedRAMP and cloud authorization processes
  • Experience with automated security tools and scripting
  • Strong technical writing and communication skills

Responsibilities

  • Execute Risk Management Framework activities for ATO decisions and ensure systems meet compliance requirements while ensuring confidentiality, integrity, and availability of FEMA Information Systems through proper security control implementation.
  • Implement security controls and conduct system assessments to identify vulnerabilities and gaps.
  • Develop and maintain System Security Plans, Configuration Management Plans, and Contingency Plans.
  • Conduct Security Impact Analyses and test configuration changes pre- and post-deployment.
  • Support continuous monitoring of IT systems.
  • Develop and track POA&Ms for identified vulnerabilities.
  • Develop security requirement traceability matrices.
  • Manage hardware and software inventory lists.
  • Support cloud security initiatives.
  • Participate in Change Advisory Board (CAB) reviews.
  • Conduct technical vulnerability assessments.
  • Provide audit support documentation.
  • Respond to cybersecurity data calls with timely information to leadership.
  • Prepare Security Test Plans 90 days prior to testing and Security Test Reports within 15 days after testing.
  • Generate POA&Ms within 0 to 15 days after vulnerability identification.
  • Update System Security Plans, Configuration Management Plans, and Contingency Plans annually or when changes occur.
  • Conduct Security Impact Analysis Reports within 5 business days after change notification.
  • Analyze Risk Assessment Reports and FISMA Scorecard Analysis on a daily basis.
  • Produce Weekly Activity Reports and Monthly Program Reports.
  • Follow the Information Systems Security Officer (ISSO) Guide when developing, updating, or reviewing required security artifacts.
  • Track and suggest technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access.

Benefits

  • healthcare
  • wellness
  • financial
  • retirement
  • family support
  • continuing education
  • time off benefits
  • flexible time off benefit