Information Systems Security Officer

Overview

Hybrid
Depends on Experience
Contract - W2

Skills

Information Security

Job Details

Information Systems Security Officer (ISSO)

Department: Information Technology

Hybrid - Washington, DC (potentially 1 day onsite per week)

6-month contract, with possible extension/conversion
 

About Our Client
Our client is a leading systems integrator supporting high-impact government programs with a strong reputation for delivering mission-critical IT and cybersecurity solutions. With decades of industry experience and a national footprint, the organization specializes in providing secure, scalable, and innovative services to government agencies across multiple sectors. Their mission centers around ensuring national security through cutting-edge technology and dedicated service.

Job Description
We are seeking an Information Systems Security Officer (ISSO) to support a Cybersecurity Operations Support Services Program for a federal government agency. The ISSO will be responsible for creating, revising, documenting, and maintaining the overall security-related policies, procedures, laws, and regulations, as well as implementing various security plans and compliance documents to enforce Information Assurance principles.

The ISSO will assist with the assessment, development, and implementation of programs and controls to preserve the integrity and security of sensitive data and information processed by network systems. This role will involve reviewing information security systems and providing recommendations for improving the overall security posture.

Duties and Responsibilities

  • Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), Security Impact Analysis (SIA), POA&Ms, and other relevant security documentation for existing and new systems in compliance with NIST 800-53 controls

  • Meet with System Owners (SO) and provide guidance to them on the security posture of the ATO status, and update security packages accordingly

  • Analyze and report vulnerability findings to SO and their technical point of contact for remediation

  • Work with systems owners and engineers to review and update POA&MS

  • Identify, assess, and mitigate risks to the information system, ensuring that the system remains secure throughout its lifecycle

  • Able to conduct research and present findings to stakeholders

  • Document, organize and implement security control requirements

  • Use workflows to develop security artifacts with assessors in preparation for assessment

  • Responsible for continuous monitoring of system security, including reviewing audit logs, tracking security incidents, and ensuring that security controls remain effective over time

  • Conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance

  • Prepare vulnerability test plans and coordinate the testing and result procedures

  • Assess customer-based solutions and provide recommendations for any improvements to current security posture

  • Ability to review and write security-related policies and procedures and influence policy

Required Experience/Skills

  • Must be a U.S. Citizen

  • Ability to obtain Public Trust clearance

  • Minimum of 5 years of experience as an ISSO supporting major federal information systems/applications

  • At least 8 years of experience in one of the following areas: knowledge of current security tools, hardware/software security implementation, communication protocols or encryption techniques/tools

  • Prior experience using ServiceNow GRC tool to support Assessment & Authorization of FISMA systems

  • Knowledge of auditing security controls and financial processes

  • Superior writing, communication and critical analysis skills

  • Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures

  • CISSP preferred, will consider ISC2 Certified Authorization Professional (CAP) or ISC2 Certified Cloud Security Professional (CCSP) certification or CompTIA Certified Advanced Security Practitioner (CASP+)

  • An understanding in researching Emerging Threats and recommending monitoring content within security tools

  • Experience with one or more of the following technologies/tools: FireEye, Palo Alto, full MS O365 suite (compliance center)

  • Relevant certifications: Security+, CySA+, GCIA, GCIH, or similar

  • Experience with scripting or automation

  • Familiarity with cloud security monitoring (e.g., AWS, Azure)
     

Education

  • Bachelors Degree


Pay & Benefits Summary

  • Pay rate up to $68/hr W2

  • Eligible benefits include health, dental, vision, and 401(k)

     

Apply now to join a mission-critical cybersecurity initiative in support of national infrastructure!
 

Cybersecurity | ISSO | Public Trust | NIST 800-53 | Risk Management | FISMA | ServiceNow GRC | CISSP | Cyber Defense | Federal Security Clearance

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Catapult Solutions Group