Senior Information System Security Officer (ISSO)

About The Position

Requirements

• Minimum Years of Overall Experience: 10
• Highly responsive to customer needs
• Knowledge of security controls, ideally in government setting
• Understand the full RMF process from start to finish.
• Comfortable working with different IA controls.
• Experience using scanning tools and supporting ATO packages.
• Knowledge of FS-191, operational directives, and compliance requirements.
• Solid grasp of NIST RMF (SP 800-37) and NIST SP 800-53 controls (Rev 4 & Rev 5), CNSSI 1253.

Nice To Haves

• Real hands-on ISSO experience
• Preferred experience in portfolio and O&M support
• Experience supporting systems hosted in Cloud environments.
• Experience supporting systems in Agile and DevOps environments
• Experience supporting portfolio level O&M support

Responsibilities

• Support all portfolio level documentation for 30+ applications.
• Coordinate and collaborate with government client.
• Assist teams in best practices around vulnerability remediation.
• Provide subject matter expertise to ensure compliance with FDIC and NIST cybersecurity policies and frameworks.
• Support the implementation and sustainment of security controls in alignment with the NIST Risk Management Framework (RMF).
• Responsibility for and to assist system owners in maintaining system Authorization to Operate (ATO) status.
• Support Operations & Maintenance of 30+ applications, as well as initiative efforts around Cloud Migration and a breadth of technologies.
• Create and maintain documents like Security Impact Analysis (SIAs), POA&Ms, Security and Privacy Control Assessments (SCAs), and other continuous monitoring reports/artifacts.
• Develop best practices around common vulnerability remediation, prioritization of findings and criticality, mitigation strategies, and counter measures.
• Develop and maintain knowledge management across programs.
• Hold training sessions and office hours to support project teams and promote collaboration across work streams.
• Assist in identification of false positives due to unused libraries or other findings.
• Hold monthly sessions with government clients to review documentation updates, in addition to regularly scheduled meetings required for workstream support.
• Strengthen collaboration and information sharing across agency and external partners to support cybersecurity risk reduction and resilience.

Benefits

• 15 days PTO including paid parental, military, and bereavement leave.
• Eleven (11) paid Federal holidays, five of which are floating holidays (as designated by the company’s holiday schedule each year).
• Health and Dental Insurance (including 100% employer paid premiums for employee coverage under the HDHP health plan).
• Life Insurance, STD/LTD term disability coverage, with employer paid premiums.
• 401 (k) plan with a match that is 100% vested after you complete two years of service.
• FSA/DFSA/HSA flexible benefit plans.
• Annual Tuition & Professional Development Reimbursement benefit.