Senior Information Systems Security Officer (ISSO)

About The Position

Requirements

• Previous work experience in the following area includes, but is not limited to:
• Bachelor's degree is preferred; 8+ years of relevant experience.
• Proficient in network and information system security principles and best practices.
• In-depth knowledge of the Risk Management Framework (RMF), the NIST publications, and the DHS 4300A Policy Directive.
• Experience with implementing the NIST 800-53 Security Controls in an Assessment & Authorization (A&A) process.
• Experience reviewing Nessus scans, managing vulnerability mitigation and the information security process in an Enterprise environment.
• Basic understanding of Enterprise networking concepts.
• Ability to work well within a team environment and build reports with government and customer organizations.
• An active DoD Secret clearance is required for consideration.

Nice To Haves

• Certifications, such as Network+ and Security +, CISSP and Security auditing are recommended.
• A senior ISSO role will highlight past experiences over a 5-to-10-year period.

Responsibilities

• Plans, develops, and analyzes security measures to protect critical information from counter-threats and possible attacks.
• Protects sensitive information by ensuring required software is functioning and being used correctly.
• Research new methods to improve digital security and eliminate vulnerabilities.
• Monitors and reviews user access logs and provides user usage reports to management.
• Audits operations to ensure compliance with government regulations.
• Evaluates and recommends the installation, modification and replacement of hardware or software components.
• Performs work under minimal supervision.
• Handles complex issues and problems and refers only the most complex issues to higher-level staff.
• May act as lead.
• The Contractor shall identify the ISSO positions, as key personnel, to be the Designated Person(s) assigned to one or more existing FISMA Systems of Record as well as new IT Systems that are slated as new work products to develop an Authority to Operate (ATO) and follow-on Continuous Monitored system.
• As a Designated ISSO, they will sign a DHS sponsored Letter that lays out the roles and responsibilities of the ISSO function to maintain daily compliance requirements.
• The ISSO will report to the government Program Manager, government Technical POC / Task Manager. The Contractor shall also keep the designated government Information System Security Manager (ISSM), and COR informed.
• Due to the importance of keeping system(s) updated to meet FISMA guidelines, while supporting DHS/CISA directives around limiting vulnerabilities, the ISSO role is of upmost importance throughout its lifecycle.