Information System Security Officer (ISSO)

Key Required Skills:Strong experience with NIST 800-53, Cybersecurity, ATO, Splunk, Risk Assessment and POA&M.

Position Description:

• Provide feedback on Authority to Operate (ATO) documentation
• Complete Control Implementation Statements (CIS)
• Provide Cybersecurity expertise
• Review system documentation

(Basic Qualifications)

• Bachelor's degree in computer science, Mathematics, Engineering, or a related field
• Masters or Doctorate degree may substitute for required experience
• 8+ years' experience as cybersecurity professional/ISSO
• Must be able to obtain and maintain a Public Trust. Contract requirement.

*** Selected candidate must be willing to work on-site in Woodlawn, MD 5 days a week.

(Required Skills):

• Assist with the development and implementation of the information security program, including the following program components: vulnerability management (Audit log review) and verification testing, incident response, business continuity, control testing, risk assessment and regulatory gap analysis.
• Conducts self-assessments of security controls, identify weaknesses and track remediation activities in Plan of Action and Milestones (POA&M).
• Maintain expert-level knowledge of all National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Security Controls and Conducts NIST 800-53 controls testing. Work with technical teams to mitigate security control deficiencies for assigned IT systems.
• Use internal tools as an approved repository for artifacts and Plans of Action and Milestones (POA&M).
• Assist staff in assessing new applications, identifying applicable NIST SP 800-37 RMF requirements and advising system owners of the process.
• Participates in security assessments and audits for assigned systems and facilitates obtaining evidence for data requests.
• Performs continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems.
• Must have Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy (Experience with NIST special publications, FIPS publications specifically RMF and NIST 800-53 Rev5 security controls and their requirements).
• Must have experienced creating, monitoring, updating, and closing plans of actions and milestones (POA&M).
• Review and compile the security control implementations, test results, Security Assessment Reports (SARs), Plan of Action and Milestones (POA&M), risk acceptance recommendations, and risk mitigation strategies to support the recommendation for client risk acceptance authorization decisions.
• Familiar with XACTA and ServiceNow.
• Experience with GovClud, FedRAMP and FISMA