22 Jun
Information System Security Officer (ISSO) - Lead
Vacancy expired!
Job Description
MindPoint Group is seeking an experienced Information Systems Security Officer to be a Team Lead. The ISSO Lead will manage the overall security-related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles.
Functional Responsibilities: The candidate may perform some or all of the following:
- Support the PM in achieving the approval for a program for the Authority to Operate (ATO)
- Implement and manage NIST 800-53 Rev. 4 Security Controls
- Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), and other relevant security documentation for existing and new systems
- Develop, coordinate, test, and train on Contingency Plans and Incident Response Plans
- Provide continuous monitoring to enforce client security policy and procedures and create processes that provide increased visibility to system owners on impacts on the security posture of systems
- Perform vulnerability/risk assessment analyses to support Assessment & Authorization (A&A) activities
- Develop, maintain, and facilitate the appropriate closure of POA&Ms and any related remediation activities
- Align systems activities to the NIST Cyber Security Framework (CSF)
- Identify and support system Interconnection Security requirements
- Develop and document incident reporting procedures for service desk, admins, and security staff
- Provide OMB FISMA data
Experiences:
- Advising government program managers on security testing methodologies and processes
- Performing system analysis, system audits, system monitoring, security control assessment/testing, risk management, incident response
- Evaluating certification documentation and providing written recommendations for accreditation to government PMs
- Reviewing system security to accommodate changes to policy or technology.
- Evaluation of IT threats and vulnerabilities to determine whether additional safeguards are needed
- Advising the government concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system
- Conducting certification tests that include verification that the features and assurances required for each protection level are in place
- Conducting and coordinating Information System security inspections, tests, and reviews
- Assessing changes in the system, its environment, and operational needs that could affect the accreditation
- Preparing the final SAR containing the results and findings from the assessment
- Initiating a POA&M with identified weaknesses and suspense dates for each Information System based on findings and recommendations from the SAR and system scan results
- Performing risk assessments and making recommendations to customers
Qualifications
- Bachelor of Science degree preferably in Information Systems, Computer Engineering, Computer Science, or Cyber Security, or equivalent experience.
- Active Secret clearance required
- At least one of the following certifications: CISSP, CCSP, CISM, GSLC, CISA, CASP, or equivalent.
- At least 15 years of experience in IT, Cybersecurity and/or Information Assurance.
- Familiarity with the following Security Regulations and/or Frameworks:
  - FISMA
  - OMB Circular A-130
  - Privacy Act of 1974
  - The Gramm-Leach-Bliley Act (GLBA)
  - The Sarbanes-Oxley Act of 2002 (SOX)
  - NIST 800 Special Publication Series (e.g., 800-53r4, 800-53Ar4, 800-37r1)
  - Federal Risk and Authorization Management Program (FedRAMP)
  - NIST Cybersecurity Framework (CSF)
  - ISO/IEC 27017:2015 Code of Practice for Information Security Controls Based on ISO/IEC 27002 for Cloud Services
- Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures.
- Experience reviewing proposed change requests related to system design / configuration and performing a security impact analysis to provide approval or denial recommendations.
- Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
- Be capable of authoring and editing technical guides, process and procedural documents, and other materials as needed.
- Understanding and experience with CSAM is a PLUS.
Additional Information
- All your information will be kept confidential according to EEO guidelines
- Equal Opportunity Employer Veterans/Disabled