Information Systems Security Officer (ISSO)

About The Position

Requirements

• Bachelor’s in Computer Science, or other related analytical, scientific, or technical discipline
• 4+ years’ experience with NIST, FISMA, and Security Assessment & Authorization.
• Knowledgeable on various security-related NIST publications (e.g., SP 800-53r5, SP 800-53A, SP 800-18r1, etc.)
• In-depth knowledge of information security principles, methodologies, and best practices.
• Experience in conducting risk assessments and implementing security controls.
• Proficiency in using security tools and technologies, such as firewalls, intrusion detection systems, SIEM, and vulnerability management tools.
• Knowledge of incident response procedures.
• Obtain a CI Poly.
• Can be on-site 5 days a week.

Nice To Haves

• Certifications: CISSP
• FedRAMP and Cloud experience (e.g., Azure, AWS, Oracle (OCI))
• Hands-on experience using a Governance, Risk, and Compliance tool, such as CSAM or eMASS.
• Ability to conduct gap analysis on non-federated vendor audit results, such as SOC Type 2, HIPAA comparison review and analyst against NIST SP 800-53 Revision 5 security controls.
• Ability to accurately manage complex workstreams, comprehend the application of the RMF, and understand the application of security controls across the interface, application, operating system, network, and database layers of modern information systems.
• Experience with multiple tools providing security functions such as vulnerability management (e.g., Nessus), configuration management (e.g., BigFix, SCCM, ePO), endpoint protection (e.g., antivirus, ATP), data loss prevention, and intrusion detection software and hardware.
• Ability to evaluate data flows, network diagrams, and logical security boundaries.
• Familiarity with the use of data analysis tools, including the use of Microsoft Excel or PowerBI to combine data from multiple sources.

Responsibilities

• Developing, maintaining, and assessing Security Assessment & Authorization (SA&A) packages resulting in an authority to operate (ATO) for IT systems.
• Creating and maintaining SSPs and supporting documentation in accordance with agency guidelines and directives.
• Writing implementation statements, creating supporting documentation (e.g., contingency Plans, Incident Response Plans, Account Management Plans, etc.), and performing self-assessments, while working with system stakeholders.
• Develop, coordinate, test, and train personnel on Incident Response Plans and Contingency Plans.
• Ensuring that information systems are accredited, maintain their ATO, and are being continuously monitored.
• Performing risk assessments for government systems, to include cloud-based systems.
• Performing security control assessments to include collecting supporting artifacts/evidence and interviewing system owner/owner representatives.
• Maintaining and tracking system POA&Ms.
• Conducting vulnerability management and analysis.
• Reviewing and analyzing government policy.
• Improving on processes and procedures and making recommendations to improve the security posture of the agency's IT systems and applications.

Benefits

• Generous cost sharing for medical insurance for the employee and dependents
• 100% company paid dental insurance for employees and dependents
• 100% company paid long-term and short term disability insurance
• 100% company paid vision insurance for employees and dependents
• 401k plan with generous match and 100% immediate vesting
• Competitive Pay
• Generous paid leave and holiday package
• Tuition and training reimbursement
• Life and AD&D Insurance