25 Jun
Information System Security Officer (ISSO) - Lead
Virginia, Arlington 00000 Arlington USA

Vacancy expired!

Job Description

MindPoint Group is seeking an experienced Information Systems Security Officer to be a Team Lead. The ISSO Lead will manage the overall security-related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles.

Functional Responsibilities:

The candidate may perform some or all of the following:

  • Support the PM in achieving the approval for a program for the Authority to Operate (ATO)
  • Implement and manage NIST 800-53 Rev. 4 Security Controls
  • Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), and other relevant security documentation for existing and new systems
  • Develop, coordinate, test, and train on Contingency Plans and Incident Response Plans
  • Provide continuous monitoring to enforce client security policy and procedures and create processes that provide increased visibility to system owners on impacts on the security posture of systems
  • Perform vulnerability/risk assessment analyses to support Assessment & Authorization (A&A) activities
  • Develop, maintain, and facilitate the appropriate closure of POA&Ms and any related remediation activities
  • Align systems activities to the NIST Cyber Security Framework (CSF)
  • Identify and support system Interconnection Security requirements
  • Develop and document incident reporting procedures for service desk, admins, and security staff for incidents
  • Provide OMB FISMA data

Experiences:

  • Advise government program managers on security testing methodologies and processes
  • Performing system analysis, system audits, system monitoring, security control assessment/testing, risk management, incident response
  • Evaluating certification documentation and providing written recommendations for accreditation to government PMs
  • Reviewing system security to accommodate changes to policy or technology.
  • Evaluation of IT threats and vulnerabilities to determine whether additional safeguards are needed
  • Advising the government concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system
  • Conducting certification tests that include verification that the features and assurances required for each protection level are in place
  • Conducting and coordinating Information System security inspections, tests, and reviews
  • Assessing changes in the system, its environment, and operational needs that could affect the accreditation
  • Preparing the final SAR containing the results and findings from the assessment
  • Initiating a POA&M with identified weaknesses and suspense dates for each Information System based on findings and recommendations from the SAR and system scan results
  • Performing risk assessments and making recommendations to customers

Qualifications

    • Bachelor of Science degree preferably in Information Systems, Computer Engineering, Computer Science, or Cyber Security, or equivalent experience.
    • Active Secret clearance required
    • At least one of the following certifications: CISSP, CCSP, CISM, GSLC, CISA, CASP, or equivalent.
    • At least 15 years of experience in IT, Cybersecurity, and/or Information Assurance.
    • Familiarity with the following Security Regulations and/or Frameworks:

      • FISMA
      • OMB Circular A-130
      • Privacy Act of 1974
      • The Gramm-Leach-Bliley Act (GLBA)
      • The Sarbanes-Oxley Act of 2002 (SOX)
      • NIST 800 Special Publication Series (e.g., 800-53r4, 800-53Ar4, 800-37r1)
      • Federal Risk and Authorization Management Program (FedRAMP)
      • NIST Cybersecurity Framework (CSF)
      • ISO/IEC 27017:2015 Code of Practice for Information Security Controls Based on ISO/IEC 27002 for Cloud Services

    • Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures.
    • Experience reviewing proposed change requests related to system design / configuration and performing a security impact analysis to provide approval or denial recommendations.
    • Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
    • Be capable of authoring and editing technical guides, process and procedural documents, and other materials as needed.
    • Understanding of and experience with CSAM is a plus.

Additional Information

  • All your information will be kept confidential according to EEO guidelines
  • Equal Opportunity Employer Veterans/Disabled
