INFORMATION SYSTEMS SECURITY OFFICER (ISSO)

• Posted 4 hours ago • Updated 4 hours ago
Full Time
Fitment

Dice Job Match Score™

🫥 Flibbertigibetting...

Job Details

Skills

  • Information System Security
  • Military
  • Information Systems
  • Change Request Management
  • Facilitation
  • Impact Analysis
  • Privacy
  • System Administration
  • Software Asset Management
  • Configuration Management
  • Contingency Plan
  • Incident Management
  • Security Analysis
  • Reporting
  • SSP
  • Testing
  • Business Continuity Planning
  • Disaster Recovery
  • MOUS
  • SAR
  • Continuous Monitoring
  • SCA
  • IT Security
  • Technical Support
  • Authorization
  • Security Controls
  • SAP GRC
  • Risk Assessment
  • System Security
  • SAP BASIS
  • Information Security
  • Problem Solving
  • Conflict Resolution
  • Cyber Security
  • RMF
  • Risk Management Framework
  • FIPS
  • FISMA
  • Documentation
  • Auditing
  • Vulnerability Management
  • Regulatory Compliance
  • Collaboration
  • Management
  • Communication
  • DoD
  • Security+
  • GSEC
  • Security Clearance
  • Project Management
  • Performance Management
  • Preventive Maintenance

Summary

Information System Security Officer

MILITARY FRIENDLY & PREFERRED - HOH SPONSOR

The Information Systems Security Officer (ISSO) is responsible for supporting the full lifecycle of security assessment and authorization (A&A) activities for information systems. The ISSO ensures that assigned systems comply with federal cybersecurity standards and maintain their Authority to Operate (ATO) through continuous monitoring and documentation.

The ISSO will be responsible for developing and providing risk assessments, Security Control Assessments (SCA), A&A documentation and various reports, based on NIST guidelines and client's policies, procedures and request. The ISSO will be responsible for providing security recommendations on any system changes or new technologies, analysis on vulnerability scans, conducting continuous monitoring activities, and provide mitigation recommendations for any risks or threats.

QUALIFICATIONS:
  • Lead and conduct Pre-Security Assessment and Authorization (A&A) activities, including stakeholder identification, change request submissions, appointment memorandums, and IT Security Kickoff meetings.
  • Supports the ISBO in day-to-day IT security activities.
  • Assists the ISBO with reviews of the security posture of the system and report any findings to the ISBO, CISO, and the AO.
  • Conduct Information System Categorization by identifying information types, completing FIPS-199 assessments, and facilitating Business Impact Analyses (BIA), Privacy Threshold Analyses (PTA), and Privacy Impact Assessments (PIA).
  • Develop and maintain system security documentation, including:
    • System Administration Plan (SAM)
    • Configuration Management Plan (CMP)
    • IT Contingency Plan (ITCP)
    • Information Security Continuous Monitoring (ISCM) Plan
    • Incident Response Plan (IRP)
    • Security Assessment Report (SAR)
    • System Security Plan (SSP)
  • Coordinate initial and annual ITCP testing in collaboration with the OCIO Business Continuity and Disaster Recovery (BCDR) Office.
  • Develop and manage inter-agency agreements and documentation such as MOUs, MOAs, ISAs, IT Security Waivers, and Risk Acceptance Memorandums.
  • Document and maintain Security Control Implementation details, ensuring updates are made according to required frequency.
  • Coordinate vulnerability and compliance scans, Security Control Assessments (SCA), and track remediation efforts with the IT Security Test Team.
  • Manage and update Plan of Action and Milestones (POA&M) entries, submitting remediated findings for closure.
  • Prepare and present SAR to Authorizing Officials to obtain or renew ATO.
  • Perform Information Security Continuous Monitoring (ISCM) activities to ensure ongoing compliance and security posture of systems.
  • Develop and update project schedule, including A&A / SCA task and milestones, task dependencies, and personnel resources.
  • Conduct A&A activities and tasks and obtain ATO in line with NIST and client guidance and directives.
  • Determining the baseline IT Security requirements for IT Systems, identifying system boundaries, determining information categories, assisting with FIPS-199.
  • Ensure that IT Systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices.
  • Enforce security policies and safeguards on all personnel having access to the IT System for which the ISSO has responsibility.
  • Ensure users and system support personnel have the required authorization and need-to-know; have been indoctrinated; and are familiar with internal security practices before access to the IT System.
  • Implement security controls based on IT System FIPS categorization.
  • Document security control implementation in the system's Security Plan using the client's GRC tool.
  • Document system's risk assessment per client directives and requirements.
  • Review and monitoring system security and audit logs.
  • Develop and maintain Plan of Actions and Milestones (POA&Ms) for IT systems.
  • Update A&A documentation and artifacts on a regular basis (e.g. annually, after approved change).

QUALIFICATIONS (Required Skill and Experience):
  • A minimum of five (5) years of demonstrated experience in the Information Security or IT field.
  • Demonstrates a proficiency with developing, maintaining and managing SA&A packages.
  • Experience with developing and managing POA&M's.
  • Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
  • Strong understanding of federal cybersecurity frameworks (e.g., NIST RMF, FIPS-199, FISMA).
  • Experience in developing and maintaining security documentation and plans.
  • Possess experience conducting CPT's.
  • Experience conducting audit log reviews.
  • Technical experience with conducting vulnerability management, compliance scanning, and providing mitigation techniques.
  • Excellent communication and coordination skills with technical and non-technical stakeholders.
  • Ability to manage multiple systems and projects simultaneously in a dynamic environment.
  • Excellent communication (written and verbal) skills.

CERTIFICATION:
  • A minimum of at least one (1) certification identified in the DOD 8570 IAT Level II (e.g., Security+, GSEC, CASP) or any equivalent or more advanced.

CLEARANCE:
  • Library Suitability and Public Trust

LOCATION and HOURS:
  • Location: Washington DC
  • Primarily Remote.
  • Onsite work at the client location in Washington, D.C. and Zermount HQ in Arlington, VA., may be occasionally required.
  • Hours of Operation (Business Hours): 8:00 am ET - 5:30 pm ET
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 90793362
  • Position Id: 65c6a13d6533dc26d2454608be91c1a1
  • Posted 4 hours ago
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

San Jose, California

Today

Full-time

USD 112,949.00 - 119,126.00 per year

Annapolis, Maryland

Today

Full-time

Washington, District of Columbia

Today

Full-time

Gaithersburg, Maryland

Today

Full-time

USD 135,000.00 - 160,000.00 per year

Search all similar jobs