Information Systems Security Officer (ISSO)
About The Position
Security Policy Implementation: Develop, implement, and enforce security policies, standards, and procedures to ensure the protection of information systems. Configuration Management: Ensure that all information systems are configured securely according to organizational policies and best practices. System Patching: Perform system patching in response to IAVAs and other security findings and requirements Risk Management: Conduct risk assessments to identify and mitigate potential security threats. Assess the impact of changes in the IT environment and update the risk management framework accordingly. Security Compliance: Ensure that information systems comply with relevant government and industry standards, such as NIST, FISMA, and DoD regulations. Prepare and maintain documentation to demonstrate compliance. Continuous Monitoring: Implement continuous monitoring processes to detect and respond to security vulnerabilities and threats. Utilize tools like SIEM (Security Information and Event Management) to monitor system activities. Security Audits: Conduct regular security audits and assessments to evaluate the effectiveness of security measures and identify areas for improvement. Collaboration: Work closely with other IT and security professionals to ensure a coordinated approach to cybersecurity. Liaise with external stakeholders, such as auditors and regulatory bodies, as needed. Documentation: Maintain comprehensive documentation of security policies, procedures, and measures taken to secure information systems. Prepare reports for management on security status and incidents. Security Enhancements: Recommend and implement security enhancements to improve the overall security posture of the organization. Stay updated with the latest security trends and technologies.
Requirements
- 2-5 years' experience in role
- Proficiency in using security tools and technologies, such as firewalls, intrusion detection/prevention systems, SIEM, and endpoint protection.
- Knowledge of network security, application security, and endpoint security principles.
- Understanding of operating systems (Windows, Linux, etc.) and their security configurations.
- Familiarity with cloud security best practices
- Familiarity with RMF process
- Experience with Spunk or other similar applications
- Experience with security compliance and regulatory requirements.
- Strong analytical and problem-solving abilities.
- Capability to analyze complex security issues and develop practical solutions.
- Excellent written and verbal communication skills.
- Ability to effectively communicate technical information to non-technical stakeholders.
- Bachelor's degree in Computer Science, Information Technology, or related field
- U.S. Citizenship is required for this position.
Nice To Haves
- COMPTIA Security + / CISSP DESIRED
- AWS certification (e.g., AWS Solutions Architect Associate or Professional)
- TS/SCI clearance and CI Polygraph
Responsibilities
- Develop, implement, and enforce security policies, standards, and procedures.
- Ensure secure configuration of information systems.
- Perform system patching in response to IAVAs and other security findings.
- Conduct risk assessments to identify and mitigate potential security threats.
- Ensure compliance with relevant government and industry standards.
- Implement continuous monitoring processes.
- Conduct regular security audits and assessments.
- Collaborate with IT and security professionals.
- Maintain comprehensive documentation of security policies and procedures.
- Recommend and implement security enhancements.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
