Information Systems Security Officer (ISSO)

Overview

Hybrid

Depends on Experience

Full Time

Skills

ACT

ATO

Access control

Active Directory

Audit

Authorization

Best practices

CAP

CISSP

Cloud

Compliance

Computer

Configuration

Contingency plan

Continuous monitoring

DNS

Documentation

Education

Encryption

FISMA

FTP

Firewall

Government

Group policy

HTTP

HTTPS

Hardware

ISSO

IT security

IaaS

Implementation

Information security

Information security management

Information systems

Investigation

Leadership

Linux

MOST

Microsoft Certified Professional

Microsoft Windows

NIST

NIST SP 800 Series

Network engineering

Network security

Networking

OMB

Operating systems

PKI

PMP

PaaS

Planning

Policies

Policies and procedures

Promotions

RHCSA

RMF

Red Hat Linux

Reporting

Risk assessment

Risk management

Risk management framework

Routing

SDLC

SFTP

SMB

SMTP

SSP

STIG

SaaS

Secure Shell

Security

Security analysis

Security clearance

Security controls

Security policy

Senior management

Software

Software deployment

Software development

Supervision

Switches

System administration

System security

TCP/IP

Technical support

Training

Troubleshooting

Unix

VLAN

VMware vSphere

Job Details

Bering Global Solutions, LLC, a subsidiary of Bering Straits Native Corporation is currently seeking a qualified Information Systems Security Officer (ISSO) for a government client in Washington, DC. The selected individual will guide system owners, designated IT security personnel in the program offices, and other staff in fulfilling Federal Information Security Management Act (FISMA) requirements. The ISSO works to analyze, plan, and execute the work necessary to ensure the confidentiality, integrity and availability of the federal client s IT systems, network, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures and tools.

ESSENTIAL DUTIES & RESPONSIBILITIES

The Essential Duties and Responsibilities are intended to present a descriptive list of the range of duties performed for this position, and are not intended to reflect all duties performed within the job. Other duties may be assigned.

Plan, develop, review and maintain baselines for client s information system to such as, System Security Plans, Software & Hardware Boundaries Documents and Diagrams, Control Implementation Matrix, Inheritance and Overlay Memos, Security Assessment and Authorization artifacts and ATO packages.
Lead and facilitate meetings with system owners, executive management, staff, and contract partners and technical personnel to provide IT security guidance, define system boundaries, and establish and maintain information security standards and procedures in compliance with information security and risk management policies, standards, and guidelines.
Plan, develop, and conduct vulnerability and compliance scans, contingency plan testing, and risk assessment on client s information systems. Analyze results to identify and mitigate risk to IT systems, identify training opportunities, and update and improve information systems documentation in accordance with client s IT security policies and System Security Plan (SSP).
Participate in internal and external reviews, inspections, Security Assessments and Authorizations and audits to ensure compliance with federal laws, client s security policy as well as FISMA and NIST requirements.
Provide expert security advice to system development organizations to ensure adequate security controls are included in each system lifecycle phase.
Lead remediation efforts when security controls are insufficient, weaknesses are identified in network security configurations, and vulnerabilities deviate from client s security policy or federal guidelines by recommending corrective actions to mitigate identified deficiencies and developing POAMs.
Review and analyze information system audit records for unusual or potentially unauthorized activity. Conduct investigations into activities which are in violation of system and organization security policies.
Incorporate organizational continuous monitoring solutions into information system operations. Ensure compliance with client s continuous monitoring policies and procedures.

QUALIFICATIONS - EXPERIENCE, EDUCATION AND CERTIFICATION

To perform this job successfully, an individual must be able to satisfactorily perform each essential duty. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Required (Minimum) Qualifications

High School Diploma or equivalent
The ideal candidate will have experience with Cloud Computing Offerings (Cloud Systems, SaaS, IaaS, PaaS).
Familiarity with Cloud Service Providers (CSPs) and basic cloud deployment models.
Must be Certified Information Systems Security Professional (CISSP) Certified

Basic-level understanding of basic computer and networking technologies:
TCP/IP stack
Windows operating systems
Linux/Unix-based operating systems
Networking technologies (routing, switching, VLANs, subnets, firewalls)
Common networking protocols SSH, SMB, SMTP, FTP/SFTP, HTTP/HTTPS, DNS, etc
Common enterprise technologies Active Directory, Group Policy, VMware vSphere

Moderate-level understanding of IT security principles, technologies, best practices, and NIST guidance
Logical Access Control
PKI and other encryption method
DISA STIG Security configuration baselines
Auditing
Vulnerability discovery and management
NIST SP 800-53 rev. 4 control

Excellent communications skills. Ability to communicate with senior management and federal client staff both technical and non-technical in a clear and concise manner using proper spelling, punctuation and grammar.
Mastery of federal IT security laws such as the Federal Information Security Management Act (FISMA), policies, regulations, requirements, Executive Orders and Presidential Decision Directives such as EO 13556, HSPD12, OMB Memos M-06-16, and M-07-16; NIST 800 series, the federal IT security and incident reporting hierarchy.
Knowledge and experience in categorizing systems per current NIST guidelines, defining system boundaries and identifying minimum and supplementary security controls to protect sensitive and critical IT systems.
Knowledge and experience with the Risk Management Framework (RMF), Assessment and Authorization (A&A), SSP Development, and conducting audits of security controls.
Knowledge and experience protecting the confidentiality, integrity and available of sensitive and critical information systems
Knowledge and experience performing network security vulnerability assessments.
Knowledge and experience with all areas of the System Development Lifecycle (SDLC) of IT systems.

Knowledge, Skills and Abilities

Basic-level understanding of common computer and networking technologies:
TCP/IP stack
Windows operating systems
Linux/Unix-based operating systems
Networking technologies (routing, switching, VLANs, subnets, firewalls)
Common networking protocols SSH, SMB, SMTP, FTP/SFTP, HTTP/HTTPS, DNS, etc
Common enterprise technologies Active Directory, Group Policy, VMware vSphere
Interest in security/hacking culture. Ability to think like an attacker
Demonstrated experience with cloud systems
Certifications of interest:
Security+
Certified Authorization Professional (CAP)
Project Management Professional (PMP)
Microsoft Certified Solutions Associate (MCSA)
Red Hat Certified System Administrator (RHCSA)
CISSP is a MUST

Preferred

Technical background Experience working as any of the following:
Software application developer
System administrator
Network engineer
IT Helpdesk Tier II or above
Bachelor s Degree or higher in information technology or information security-related field
Interest in security/hacking culture. Ability to think like an attacker
Certifications of interest:
Security+
Certified Authorization Professional (CAP)
Microsoft Certified Solutions Associate (MCSA)
Red Hat Certified System Administrator (RHCSA)

PHYSICAL REQUIREMENTS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Must maintain a constant state of mental alertness at all times. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Essential and marginal functions may require maintaining physical condition necessary for bending, stooping, sitting, walking or standing for prolonged periods of time; most of time is spent sitting in a comfortable position with frequent opportunity to move about.

WORK ENVIRONMENT

Work Environment characteristics described here are representative of those that must be borne by an employee to successfully perform the essential functions of this job.

Job is performed in an office setting with exposure to computer screens and requires extensive use of a computer, keyboard, mouse and multi-line telephone system. The work described herein is primarily a modern office setting. Occasional travel may be required.

SUPERVISORY RESPONSIBILITIES

No supervisory responsibilities.

ADDITIONAL QUALIFYING FACTORS

Public Trust or the ability to obtain and maintain a Public Trust clearance. (Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Accordingly, U.S. Citizenship is required.)

Shareholder Preference. BSNC gives hiring, promotion, training and retention preference to BSNC shareholders, shareholder descendants and shareholder spouses who meet the minimum qualifications for the job.

Bering Straits Native Corporation is an Equal Opportunity/ AA/ Male/ Female/ Disability/ Vets employer.

We participate in the E-Verify Employment Verification Program. We are a drug free workplace.

Visit our website at for more details and to apply.

Job Details

About Bering Straits Native Corporation

Share