Information Systems Security Officer - Citadel

About The Position

Requirements

• Bachelor's degree in computer science, information systems, or another related field.
• At least 10 years of experience performing or supporting the responsibilities of an ISSO in a US Government environment.
• At least 10 years of experience in National Institute of Standards (NIST) cybersecurity standards and best practices.
• Must hold a minimum Secret security clearance.
• Must be a U.S. Citizen

Nice To Haves

• Certified Information Systems Auditor (CISA) or Security Plus certification
• Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• CompTIA Security +

Responsibilities

• Responsible for continuous monitoring activities for systems to include monitoring for security threats, performing access reviews, reviewing and developing mitigation for vulnerability assessment reports, and proposing enhancements for systems security.
• Support security operations centers (or similar capabilities) in supporting system reviews and potential incident investigations.
• Maintain knowledge of the security architecture and the business purpose of systems.
• Document and maintain knowledge of all relevant NIST 800-53 controls for each IT system for which the ISSO is responsible.
• Update SSPs semi-annually and document any changes.
• Certify the accuracy of continuous monitoring information for assigned systems.
• Advise on proposed architecture or configuration changes using the established change and configuration management process.
• Certify software planned to be introduced to the production environment is evaluated and provide guidance regarding the potential for the software to introduce risk into the environment.
• Support the agency on periodic internal and external audits including support for the execution of identified corrective action plans as needed.
• Evaluate and advise on all access requests for privileged accounts to IT systems.
• Support and produce any artifacts that are required for Ongoing Authorization and the NIST Cyber Security Framework (CSF).
• Perform certification assessments for assigned programs to include review of change requests; review of ports, protocols, and services; whitelist requests; self-assessments results; statements of compliance; scan and STIG reviews; systems security plans; cybersecurity control evidence and artifacts; and on-site review results.
• Attend weekly training sessions and staff meetings to gain an understanding of changes or clarifications to procedures.
• Conduct security architecture reviews to ensure that the program's architecture is in compliance with STIG requirements and best practices.
• Develop customized checklists based on the security architecture, special purpose equipment, type accredited deployment guides, Unified Capabilities Approved Product List deployment guides, and required ancillary equipment.
• Analyze Plans of Action and Milestones (POA&M) and mitigation plans for unresolved findings to determine residual risk.
• Conduct a Risk Assessment to analyze threats to and vulnerabilities of an information system and the potential impact that the loss of information or capabilities of a system would have on the user communities and the mission of the organization.

Benefits

• Referral bonus: $1,000