Information Systems Security Officer - 201810

About The Position

Requirements

• At least 2+ years of related experience
• Detailed knowledge of NIST SP 800-53 Rev. 4 & 5, Security Policies, NIST Risk Management Framework, eMASS, Security Planning and Architecture, Incident Analysis, and General Security Best Practices
• Knowledge of NIST regulatory compliance requirements
• Deep knowledge of the information security principles
• Experience developing Information Security policies and procedures
• Experience performing A&As and supporting the Risk Management Framework lifecycle
• Ability to communicate, both written and orally, to both technical and non-technical stakeholders
• Strong written and oral communication skills to interact with senior managers, junior staff, and business unit (non-technical) customer
• An active security clearance is REQUIRED.
• A Security+ Certification is REQUIRED.

Responsibilities

• Document and maintain controls, appendices, and document attachments under NIST SP 800-53 Rev. 4 & 5 for all DSS and IDM systems and sub-systems
• Document and maintain inheritable common controls catalog for to document controls offered to applications or systems hosted on multi-cloud platform
• Ensure common controls are available for all hosted systems to inherit and maintain
• Assist in the development and maintenance of System Security Plans (SSP) and security controls assessments, and organizational policy
• Update the SSP and server documentation and provide the ISSO to update security artifacts and the baseline documents
• Update POA&Ms throughout the POA&M lifecycle till closure for all system controls.
• Provides high-level functional systems analysis, design, integration, documentation, and implementation advice on moderately complex cybersecurity problems that require an appropriate level of knowledge of the subject matter for effective implementation
• Serves as the IT security POC for assigned systems to ensure information systems comply with applicable policies
• Ensures security activities are implemented throughout the entire SDLC, including during system changes and modifications
• Provides audit support by developing the appropriate responses to audit questionnaires and remediation recommendations of audit report findings.
• Coordinates with appropriate stakeholders and system owners to ensure all NIST 800-53 controls are properly implemented and assessed during the steps of the ATO lifecycle
• Ability to conduct an analysis of the NIST SP 800-53 rev. 5 controls and identify controls that can be automated
• Ensures all systems are operated, maintained, and disposed of IAW documented security policies and procedures, including but not limited to Assessment & Authorization (A&A).
• Supports the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Testing, POA&Ms, and incident reports.

Benefits

• Covers 100% of employee benefit premiums, including Medical (PPO or HDHP Option), Vision, Dental
• Matching 401K
• Short- and Long-Term Disability
• Pet Insurance
• Professional Development/Education Reimbursement
• Parking and Transit Benefits for NY, NJ, ATL, and DC Metro areas