Information System Security Officer

About The Position

Requirements

• Masters or Bachelor's degree in Computer Science, Information Security, Cyber Security, or relevant discipline.
• Eight (8) years of related experience. Without a master’s degree, ten (10) years of related experience is required.
• Prior performance in roles such as system administration, networking administration, or ISSO.
• Knowledge of NIST SP-800-53, Rev 4 and Rev 5.
• Familiarity with system security and privacy within cloud environments (AWS, specifically).
• Demonstrated experience with risk management and auditing.
• Excellent verbal and written communications skills, including the ability to communicate complicated technical and security concepts to both technical and non-technical stakeholders.
• Position of Trust or greater clearance (can be obtained after starting).

Nice To Haves

• CISSP, CISA, CISM, and/or cloud-based security certification (e.g. CCSP, COMPTIA Cloud+, or equiv) preferred.
• Knowledge of and experience with Environmental Protection Agency (EPA) security policies and procedures.

Responsibilities

• Identify cyber security vulnerabilities and assist with the implementation of appropriate mitigations or countermeasures.
• Conduct and support, when assessed or audited, periodic reviews of the information system to ensure compliance with the security and privacy authorization package (currently NIST 800-SP53 Rev. 4/5).
• Coordinate changes to the system infrastructure or software to ensure continued compliance with security and privacy requirements.
• Coordinate the response to the annual continuous monitoring assessment audit, and ensure the system’s continued Authorization to Operate (ATO).
• Ensure audit evidence is collected, reviewed, and documented, including any risk exceptions.
• Identify and notify the program manager when changes occur that might affect the authorization determination for the information system.
• Provide analysis of systems, hardware, software, and maintenance needs.
• Provide document review and updates of all security- and privacy-related documentation.
• Routinely review Tenable scan results and coordinate with team members to ensure vulnerabilities are addressed within the target remediation timeframes.
• Routinely review Splunk reports to detect security threats, anomalous activities, unauthorized access, or other malicious behavior.
• Develop, coordinate and conduct training and tabletop exercises related to continuity of operations, contingency planning, incident handling and response, awareness, disaster recovery, etc.
• Coordinate with other EPA organizational entities to ensure compliance with EPA and other federal requirements, specifications, and reporting.
• Prepare reports on the status of system security and privacy, vulnerabilities, and responses to other customer inquiries and data calls.

Benefits

• Variety of medical plan options, some with Health Savings Accounts
• Dental plan options
• Vision plan
• 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match
• Full flex work weeks where possible
• Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance