Overview
On Site
Full Time
Skills
Risk Management Framework
RMF
Encryption
Asset Management
Software Management
MOUS
FISMA
Internal Control
Financial Software
Auditing
Accountability
Reporting
Cyber Security
Supply Chain Management
Risk Management
Documentation
Regulatory Compliance
Information Security
NIST SP 800 Series
Management
Continuous Monitoring
Vulnerability Management
Configuration Management
SAP GRC
EMC RSA Archer
CISSP
CISA
Security Clearance
NIST 800-53
Security Controls
Information System Security
System Security
Contingency Plan
Privacy
Communication
Project Management
Preventive Maintenance
Performance Management
Organizational Skills
Attention To Detail
Analytical Skill
Critical Thinking
Problem Solving
Conflict Resolution
Customer Engagement
Military
Law
Insurance
Job Details
Evolver Federal is seeking an Information System Security Officer (ISSO) to support its Federal client in Springfield, VA in managing all aspects of security for assigned National Security Systems (NSS) to ensure the data stored, processed, and transmitted by the assigned system(s) is protected in accordance with the appropriate Agency policies and NIST 800-53 security controls.
The successful candidate will have previous experience as an ISSO and Security Control Assessor having documented the full scope of security documentation in support of the NIST 800-37 (Risk Management Framework (RMF). A strong foundation in the understanding of encryption and how encryption is applied to National Security Systems (NSS) is necessary.
Responsibilities
Ability to work efficiently and effectively in a dynamic and fast-paced environment.
Basic Qualifications
Preferred Qualifications
Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.
Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.
The successful candidate will have previous experience as an ISSO and Security Control Assessor having documented the full scope of security documentation in support of the NIST 800-37 (Risk Management Framework (RMF). A strong foundation in the understanding of encryption and how encryption is applied to National Security Systems (NSS) is necessary.
Responsibilities
- Assess DHS NSS systems and provide recommendations for mitigating cyber risk.
- Utilize National Security Cyber Division (NSCD)-authorized tools to track compliance activities, approvals, and reporting.
- Create business-focused compliance reports detailing mission impact, asset evaluations, risk recommendations, and mitigation plans.
- Maintain documentation for all NSS compliance activities, including CISO and I&A requests.
- Monitor and review POAMs to ensure timely mitigation and closure.
- Analyze continuous monitoring, configuration management, vulnerability management, asset management, software management and self-reported data to identify risk and work with System Teams to develop a plan to mitigate security risk for assigned system(s).
- Provide analysis and feedback on security artifacts (SSPs, CPs, MOUs, MOAs, ISAs).
- Provide analysis and feedback on DHS security artifacts when assigned to NSCD, to include but not limited to Memorandum of Understandings (MOU), Memorandum of Agreements (MOA), and Interconnection Security Agreements (ISA).
- Support internal and external audits (e.g., FISMA, GAO, OIG).
- Provide responses in support of audits related to cybersecurity, including but not limited to FISMA Audits, Internal Control audits of Financial Systems, and external audit requests received from entities such as the General Accountability Office (GAO) or Office of the Inspector General (OIG).
- Compile data to support analysis and reporting in support of cyber risk compliance activities and activities stemming from Cybersecurity Supply Chain Risk Management (CSCRM).
- Create and maintain documentation from all NSS-related compliance activities, to include any incoming Chief Information Security Officer (CISO) and Information and Analysis (I&A) requests for information.
- Perform other duties as assigned by the Government.
Ability to work efficiently and effectively in a dynamic and fast-paced environment.
Basic Qualifications
- 5 years of related experience with Bachelor's degree or 8 years of overall related experience in a relevant field
- 1 year of experience assessing security controls in accordance with NIST 800-53 in/ in support of the Federal Government to include evaluating and validating security controls for NSS systems.
- 3 years of experience as an Information System Security Office (ISSO) in/ in support of the Federal government, developing and maintaining comprehensive System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), and Privacy Threshold Analyses (PIA), and Business Impact Assessments (BIAs). In accordance with NIST guidance.
- 1 year of experience with NIST SP 800-53, 800-37, CNSSI 1253, DHS 4300A/B
- 3 years' experience documenting POA&Ms and managing the entire POA&M lifecycle, from open to closure.
- 3 years' experience executing continuous monitoring activities, including those supporting vulnerability management and configuration management.
- 3 years' experience with government GRC tools such as Archer, IACS, CSAM, etc.
- CISSP or CISA
- Must have Top Secret//SCI clearance and/or ability to obtain clearance prior to start date
Preferred Qualifications
- 2 years of experience assessing security controls in accordance with NIST 800-53 in/ in support of the Federal Government to include evaluating and validating security controls for NSS systems.
- 5 years of experience as an Information System Security Office (ISSO) in/ in support of the Federal government, developing and maintaining comprehensive System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), and Privacy Threshold Analyses (PIA), and Business Impact Assessments (BIAs). In accordance with NIST guidance.
- Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
- Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads.
- Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
- Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
- Possess strong analytical and critical thinking skills with the ability to apply them to the client/ contract workspace.
- Excellent organizational skills and attention to detail.
- Strong analytical, critical thinking, and problem-solving skills.
- Must have previous client-engagement experience.
Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.
Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.