Information System Security Officer (ISSO)

Overview

On Site
Depends on Experience
Full Time

Skills

Information system security
Business process management
IT management
Security+
Systems analysis/design
Information security management
Information systems
Data security
Access control
Risk management
Continuous monitoring
Oracle Cloud
Application development
Configuration Management
Change management
Project management
Information assurance
Risk analysis
Computer science
Information Technology
Public sector
Earned value management
Acceptance testing
Functional requirements
IT security
Systems design
Impact analysis
Vulnerability scanning
Cloud computing
Agile
Health insurance
Productivity
Accountability
DoD
Media
Regulatory Compliance
Cyber security
SAP
Management
Documentation
eMASS
STIG
Strategy
Splunk
Scripting
Database
Reporting
Policies
Security clearance
Continuous integration
Leadership
Risk management framework
FISMA
National Institute of Standards and Technology
FIPS
Publications
Communication
CISSP
Recruiting
CompTIA
Authorization
FedRAMP
IC
Military
Dependability
Training
Insurance

Job Details

Description & Requirements

Since 1975, Maximus has operated under its founding mission of Helping Government Serve the People, enabling citizens around the globe to successfully engage with their governments at all levels and across a variety of health and human services programs. Maximus delivers innovative business process management and technology solutions that contribute to improved outcomes for citizens and higher levels of productivity, accuracy, accountability and efficiency of government-sponsored programs. With more than 30,000 employees worldwide, Maximus is a proud partner to government agencies in the United States, Australia, Canada, Saudi Arabia, Singapore and the United Kingdom. For more information, visit

Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS040, T4, Band 7

Maximus is looking for an Information Systems Security Officer (ISSO) to support a DoD program based out of Arlington, Virginia!

What you will do:

  • Verify data security access controls based on the Joint Special Access Program Implementation Guide (JSIG).
  • Implement media control procedures and continuously monitor for compliance.
  • Verify data security access controls and assign privileges based on need-to-know.
  • Investigate all suspected cybersecurity incidents in accordance with Departmental directives and applicable Risk Management Implementation Plans (RMIPs).
  • Apply and maintain required confidentiality controls and processes.
  • Verify authenticator generation and verification requirements and processes.
  • Execute media sanitization (i.e., clearing, purging, or destroying) and reuse procedures.
  • Execute processes and procedures for protecting CUI, SAP, SCI, and PII.
  • Responsible for creation and management of Body of Evidence (BOE)
  • Maintain privilege access control logs
  • Creation and management of Interconnection Security Agreements (ISA)
  • Ensure JSIG compliance of application within multiple accredited boundaries.
  • Track vulnerabilities by creating Plan of Action and Milestones (POA&M)
  • Manage the configuration and documentation contained in the program's instance of Enterprise Mission Assurance Support Services (eMASS).
  • Maintain and manage continuous monitoring of DoD STIG compliance.
  • Enforce the continuous monitoring strategy using tools such as Splunk, Oracle Cloud Control, ACAS reports, scripts to perform database/application user/privilege review, etc.
  • Code Reviews for database and application development and configuration management activities, established by the Change Management Plan and Change Management Working Group.
  • Demonstrate a detailed ability to analyze events or test results and prepare a POA&M.
  • Demonstrate the ability to integrate project management, configuration management, continuous monitoring, and POA&M processes.
  • Demonstrate a detailed ability to prepare reports identifying the results of compliance and performance tests.
  • Develop and implement information assurance/security standards and procedures.
  • Coordinate, develop, and evaluate security programs for the organization. Review information assurance/security solutions to support customer requirements.
  • Identify, report, and resolve security violations.
  • Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  • Perform vulnerability/risk analysis of computer systems and applications during all phases of the system development life cycle.


Required Skills:

  • Candidates must possess an active TS/SCI clearance with the ability to obtain a CI Poly.
  • A Bachelor's degree in a relevant field (e.g., Computer Science, Information Systems Management, Engineering) is required for this position. 4 years of relevant work experience may be considered in lieu of the degree requirement. An Associate's degree and 2 years of relevant work experience may also be considered in lieu of the degree requirement.
  • Candidates must have a current CompTIA Security+ or equivalent certification.
  • 8+ years' experience with the execution and management of large-scale Information Technology (IT) Projects.
  • 2+ years of direct experience in leading and executing enterprise-wide IT solutions in the private or public sector. Experience includes: project management of technically and functionally diverse and complex IT projects; implementing detailed management techniques such as Earned Value Analysis; IT solution architectural analysis and design; software and system developmental and acceptance testing; acting as manager and overall point of contact for a specific project within an overall enterprise-wide IT solution project.
  • 2+ years of experience with RMF, as established by the Federal Information Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) FIPS 199/200 and Special Publications.
  • 2+ years of experience developing functional and non-functional requirements for IT security systems.


Desired Skills:

  • Strong self-organization and self-management skills with emphasis on self-initiation and follow through.
  • Proven written and oral communication skills.
  • Certified Information Systems Security Professional (CISSP), or ability to obtain certification within six months of hiring. Alternatively, an existing CompTIA Advanced Security Professional (CASP+) certification is acceptable.
  • Experience with the Federal Risk and Authorization Management Program (FedRAMP).
  • Experience in reviewing proposed change requests related to system design/configuration and performing security impact analysis.
  • Experience in reviewing monthly vulnerability scan reports and tracking and addressing weaknesses in POA&Ms as needed.
  • Experience with vulnerability scanning and assessments.
  • Experience with the Special Access Programs (SAPs) and Intelligence Community (IC).
  • Knowledge and/or understanding of Joint Special Access Program Implementation Guide (JSIG)
  • The ability to work independently.
  • The ability to adapt in fast paced environments, comfort with ambiguity
  • Familiarity with cloud technologies, security practices, and agile methodologies.

EEO Statement

Active military service members, their spouses, and veteran candidates often embody the core competencies Maximus deems essential, and bring a resiliency and dependability that greatly enhances our workforce. We recognize your unique skills and experiences, and want to provide you with a career path that allows you to continue making a difference for our country. We're proud of our connections to organizations dedicated to serving veterans and their families. If you are transitioning from military to civilian life, have prior service, are a retired veteran or a member of the National Guard or Reserves, or a spouse of an active military service member, we have challenging and rewarding career opportunities available for you. A committed and diverse workforce is our most important resource. Maximus is an Affirmative Action/Equal Opportunity Employer. Maximus provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status.

Pay Transparency

Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.

Annual Base Pay Minimum for this Position

$97,200.00

Annual Base Pay Maximum for this Position

$170,000.00