Senior Information System Security Officer (SR ISSO) - Hybrid

About The Position

Requirements

• Hands on experience and strong understanding of FISMA, NIST Risk Management Framework and associated special publications (800-37, 800-53, etc
• Management skills
• Interpersonal skills
• Communication, written, verbal
• Leadership skills
• JCAM experience
• Knowledge of cloud technologies and FedRAMP processes
• Education Completed Bachelor’s degree from an accredited university in an IT related field, or equivalent combination of eduation and experience.
• Ability to obtain a clearance or a Public Trust is preferred, however all clearance levels and non-cleared applicants will also be considered.
• One or more of the following certifications: CISSP, CISA, or GSLC
• At minimum 5+ years of hands-on work experience with senior level ISSO duties; performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful security authorization of such systems.

Nice To Haves

• NIST Cybersecurity Framework experience
• Familiarity with AI tools and governance
• Experience with process improvement, documenting procedures and workflow

Responsibilities

• Assume the role of ISSO for information systems and third-party services identified as High Value Assets (HVA) by the agency
• Perform technical security impact analysis for all changes to the information system
• Provide the guidance and oversight necessary to ensure the completeness and accuracy of documentation related to the Primary Responsibility or the Supporting Role assigned to the System Owner, Information Owner or Steward
• Senior ISSOs shall ensure the implementation and maintenance of security controls in accordance with the Security Plan (SP) and Peace Corps policies and procedures.
• Ensure the assigned FISMA systems maintain their ATO through independent security assessment and authorization
• Review all deliverables and RMF packages for accuracy
• Have oversight responsibility to ensure proper access controls have been implemented and managed
• Ensure audit logs are reviewed at an agreed upon frequency, where the frequency may increase if warranted by incident or situational awareness. When reviewing logs, some events will require follow-up inquiries to determine if a problem exists, whether corrective action is required, or if there is another explanation.
• Be responsible for conducting assessments of controls for their system to ensure the controls have been implemented properly and are still effective where the risk posture is documented in a system risk assessment report.
• Ensure documents provided to auditors are what was requested and approved for release. Documents provided to auditors should be properly labeled so that the auditor is aware if they contain sensitive information.
• Ensure that new vulnerabilities are evaluated by the respective subject matter expert and corrective action implemented.
• Senior ISSO shall collaborate with the ISSE in conducting security impact assessments on changes to their respective FISMA systems

Benefits

• Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets.
• Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities.
• You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more.
• You’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support memberships, and comprehensive insurance options.