ISSO- Hybrid, Washington, DC

  • Washington D.C., DC
  • Posted 54 days ago | Updated 4 days ago

Overview

Hybrid
Depends on Experience
Full Time

Skills

Undergraduate degree with eleven years of experience or Graduate degree with nine years of experience in IT Infrastructure, IT Security, and/or Governance, Risk and Compliance (GRC)
One or more current Security certifications (CISSP, CISM, Security+).

Job Details

This hybrid remote position requires on-site work two days a week in Washington, DC.
Must be local to DC, VA, MD States or within a 2-hour commute.
Due to Federal Government Security Clearance Requirements: U.S. Citizenship is required.

Information System Security and Privacy Officer (ISSPO)
Do you have a passion for cybersecurity and ensuring the integrity of sensitive information? Are you a strategic thinker with a knack for problem-solving and communication? If so, this Information Systems Security Officer (ISSO) role might perfectly fit you!

PRISM seeks a highly motivated and experienced ISSO to join our team and play a vital role in safeguarding our organization's information systems and data. As the ISSO, you will develop, implement, and maintain our information security program. You will work closely with various departments to identify and mitigate security risks, ensuring our data's confidentiality, integrity, and availability.

Responsibilities:

  • Establish procedures and processes to ensure that risks identified during the ATO process are tracked and mitigated.
  • Provide data categorization guidance to system owners.
  • Develop and update Interconnection Security Agreement documentation as needed.
  • Support customer responses to ongoing information system audits.
  • Develop and update System Security Plans (SSPs) and supporting documentation.
  • Assist with tailoring security control baselines for the general support system and other FISMA-reportable systems, including cloud systems using FedRAMP controls.
  • Collect and validate control implementation statements from subject matter experts.
  • Oversee development of security and privacy control implementation statements per NIST SP 800-53 and agency security policy standards.
  • Assist with the migration to NIST SP 800-53 Rev 5, identifying gaps and helping technical teams understand the new requirements for implementation.
  • Conduct security reviews for changes impacting hardware, software, baselines, connections, or applications.
  • Review and assess POA&M outputs, recommending additional work or closure.
  • Support the continuous monitoring program when Information System Continuous Monitoring (ISCM) results will be used to support continuing authorization requirements or ongoing authorizations.
  • Document and communicate control deficiencies for POA&M consideration.
  • Assist in developing security policies, ensuring compliance, and updating documentation.
  • Provide information for status reports, briefings, schedules, and project plans in written and oral form.

Qualifications:

  • Expert knowledge of RMF accreditation packages and all steps of the RMF process.
  • Experience in Security, Privacy Assessment, and Authorization (SPA&A) activities and ATO package creation.
  • Experience working with RMF and NIST SP 800-53 (Rev 4/5).
  • Knowledge of cyber-attack patterns, tactics, techniques, and procedures.
  • Ability to adapt security processes and tools to evolving landscapes and risk scenarios.
  • Familiarity with IT audits using FISCAM processes and procedures.
  • Experience with the NIST Risk Management Framework and Cybersecurity Framework, FISMA, NIST SP 800-53, and IT control processes.
  • Experience with GRC frameworks/tools (RSAM, CSAM) and SA&A tools (Xacta).
  • Solid technical understanding of Windows and Linux platforms.

Required:

Undergraduate degree with eleven years of experience or Graduate degree with nine years of experience in IT Infrastructure, IT Security, and/or Governance, Risk and Compliance (GRC)
One or more current Security certifications (CISSP, CISM, Security+).