Information Systems Security Officer (ISSO)
- Virginia
- Permanent
- Full-time
- * *
- Provide IT security assessment and IT security audit functions to ensure FISMA compliance.
- Develop and maintain documentation in support of Certification & Accreditation (C&A).
- Provide ISSO support to ensure customer systems obtain and maintain their Authority to Operate (ATO) with a security posture in accordance with NIST SP 800-53A guidance.
- Ensure all C&A and system security documentation (Security Plan, Privacy Threshold Analysis, Privacy Impact Assessment, e-Authentication, FIPS-199, Business Impact Analysis, Continuity of Operations, Inter-Agency Service Agreement, etc.) is kept up to date or created when needed.
- Provide support to Federal ISSO for implementing, and enforcing information systems security policies, standards, and methodologies.
- Prepare and maintain documentation.
- Assist in the evaluation of security solutions to ensure they meet security requirements for processing DHS information.
- Assist as required with the Configuration Management (CM) for the information system to maintain security.
- Develop and maintain documentation for C&A in accordance with NIST, FISMA and DHS policies. Assist with evaluating security solutions to ensure they meet security requirements for processing system's designated data requirements.
- Maintain operational security posture for an information system or program.
- Provide support to System Owner (SO) and Information System Security Manager (ISSM) for maintaining the appropriate operational IA posture for a system, program, or enclave.
- Develop and update system security plans and other IA documentation.
- Provide information assurance for all information security systems, ensuring its confidentiality, integrity, and availability.
- Provide supporting documentation for decisions granting authorization to operate IT systems at acceptable levels of risk, monitoring and testing of IT systems for vulnerabilities and indications of compromise, incident response and remediation, the development of appropriate policy, relevant user security awareness and training, and compliance with applicable government and other external standards.
- Ability to obtain DoD Security Clearance
- Ability to obtain Department of Homeland Security (DHS) Entry On Duty (EOD) - Active EOD preferred
- BA/BS and 15 years’ experience (equivalency includes MA/MS + 13 years applicable experience or AA/AS +17)
- 4+ years as an ISSO, working with FISMA, or in other directly relatable positions
- Demonstrated experience in SELC, Information Security processes, audits, tools, implementation, FISMA, NIST, and IT security
- Understanding of information security best practices
- Ability to work independently and as part of a team
- Able to communicate clearly and professionally with senior Federal government representatives to field and troubleshooting questions and issues
- Certified Information Systems Security Professional (CISSP)
- Certified Authorization Professional (CAP)
- Information Technology Infrastructure Library v4 (ITIL v4)
- Previous DHS or DoD experience
- Experience working in a geographically dispersed, remote workforce
- Strong organization and communications skills and ability to work collaboratively with Senior Government Leaders
- Advanced MS Office Suite proficiency (Excel, PowerPoint, Word, Teams)
- Excellent written and verbal communications skills
- Excellent interpersonal skills and able to relate effectively with program employees, government/client representatives, and internal organizational functional representatives
- Experienced receiving initial information and guidance, conducting research to better understand requirements, and achieving high quality results
- Knowledge of Enterprise Architecture fundamental
- Cloud network or architecture experience (E.g., Nutanix, AWS, Azure, Google, etc.)
- Experience in reviewing NIST controls, understanding inheritance, and writing control implementation statements to address how a system is meeting control requirements.