Information Systems Security Officer (ISSO)

Iron Bow Technologies, Washington, DC
Onsite

About The Position

Iron Bow Technologies is seeking an experienced Information Systems Security Officer to support an existing, long-term Federal Government customer, the Department of Justice (DOJ). Our Information Systems Security Officer will provide IT Security Support to the DOJ Civil Division (CIV) including Information System Security reviews and assessments, drafting/maintaining documentation, system audits, vulnerability management, risk assessment, product evaluation, security implementation and remediation, security incidents and network security support.

This is an onsite position at the customer’s site in Washington, DC. There may be an opportunity for a hybrid schedule with up to 2 days/week remote after becoming fully engaged with the position. Candidates should be aware that a hybrid schedule can change without advance notice so that we are aligned with the customer’s expectations.

What You’ll Be Doing

The Information Systems Security Officer participates in the review of identified new technologies or policies (e.g., Cloud Solutions fully off premise or hybrid, Continuous Diagnostic and Mitigation (CDM) technologies, anomaly-based tools, virtual environments) to determine any impact on CIV systems and report findings. You will also participate in the development of monthly, quarterly, and annual Federal Information Security Management Act (FISMA) reporting documents and recommend enhancements that will be shared with CIV IT leadership.

Requirements

  • A minimum of 8 years of progressive, technical (hands-on) experience in Information Assurance C&A, including being a key contributor to the various security documents created and maintained for the system.
  • Being onsite on planned days – this position does require onsite support.
  • Experience working as an ISSO supporting federal government information systems including developing and maintaining POA&M documentation.
  • Experience with ISO, NIST and US Government standards and cybersecurity frameworks (e.g. FISMA, FIPS, HSPD), as well as system administration.
  • Additional understanding of IRS Publication 1075 for the safeguarding of Federal Tax Information (FTI).
  • Experience creating/maintaining system documentation that adheres to the existing documentation standards, as well as drafting first-time documentation that includes all relevant and necessary information about the security posture of the system.
  • IT security management, engineering, and analysis experience.
  • Experience with ATT and ATO readiness following RMF Lifecycle execution guidelines.
  • Performance with continuous monitoring of accredited systems, including metrics, timelines, and escalation paths.
  • Experience with boundary protections, preferably in a hybrid environment.
  • Ability to build a security package that includes control inheritance.
  • Must be a US citizen; TS/SCI clearance is required.
  • B.S. in Information Technology or a closely related field.
  • Active CISSP certification or CISM certification.

Responsibilities

  • Provide technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, security implementation, and remediation.
  • Extensive experience in documenting and managing Plans of Action and Milestones (POA&Ms).
  • Proven ability to categorize security risks, prioritize corrective actions, and monitor progress toward mitigating technical and administrative vulnerabilities.
  • Draft various security documents that either adhere to existing/revised standards or draft a first-time document that aligns with standards and logically includes all necessary information needed to effectively represent the system.
  • Provide technical assistance in the design and implementation of solutions for protecting the confidentiality, integrity and availability of sensitive information.
  • Provide technical support and analysis in the identification, evaluation, investigation, and remediation of cyber and insider threats.
  • Provide technical evaluations of CIV systems and assist with making security improvements.
  • Participate in the design of information system contingency plans that maintain appropriate levels of protection and meet time requirements for minimizing operational impact to the CIV.
  • Perform assessments of present levels of cyber security, offer recommendations on levels of risk, and train personnel in proper cyber security protocols.
  • Conduct security product evaluations, and recommend products, technologies and upgrades to improve the CIV systems security posture.
  • Conduct testing and audit log reviews to evaluate the effectiveness of current security measures.
  • Support and prepare security documentation for CIV systems for submission to designated reviewers.
  • Participate in the management of accreditation of the CIV systems, evaluating and certifying the implementation of FISMA, the NIST security guidelines, and the Department’s plans, policies and guidelines.