Sr. Information Systems Security Officer (ISSO)

Systems, Security, Director, System, Configuration Management, Manager, Development, Disaster Recovery, C, CISSP, IBM, Risk Management, Management
Full Time

Job Description

Overview

VariQ has an incredible opportunity for a high-performing Sr. ISSO to join our team, supporting the FBI in Washington, DC. The Federal Bureau of Investigation (FBI) is a mission-critical, premier Law Enforcement Agency of the United States as well as a critical component of the Intelligence Community. The FBI relies on classified and unclassified information and information systems to perform its mission, so the confidentiality, integrity, and availability of these information assets are paramount to its success. The FBI requires support from an Information Systems Security Officer (ISSO) to provide governance, risk, and compliance services for assigned information assets in its discrete Program Offices, to meet requirements from the White House, FISMA, the Privacy Act of 1974, OMB, the Department of Justice, NIST, the Committee on National Security Systems, the Director of National Intelligence, and others.

Additional information:
  • Available: ASAP
  • Security Clearance: active Top Secret, able to obtain SCI w/ CI polygraph
  • Salary: competitive market rate


Responsibilities

Responsibilities/Duties:
  • Conduct required vulnerability scans according to risk assessment parameters
  • Perform all governance, risk, and compliance activities for assigned systems, serving as the appointed Information Systems Security Officer (ISSO)
  • Develop Plans of Action and Milestones (POA&Ms) in response to reported security vulnerabilities
  • Manage the risks to ISs and other FBI assets by coordinating appropriate correction or mitigation actions, and oversee and track the timely completion of POA&Ms
  • Coordinate system owner concurrence for correction or mitigation actions
  • Monitor security controls for ISs to maintain each system's Authorization to Operate (ATO)
  • Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase
  • Ensure that day-to-day security is maintained for assigned information systems
  • Ensure all Information Systems (ISs) are operated, maintained, and disposed of in accordance with the security policies and practices outlined in the FBI's Information System Security Assessment (ISSA) Handbook and NIST Special Publication 800-53
  • Ensure that all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities, before they are granted access to the IS
  • Initiate protective and corrective measures when a security incident or vulnerability is discovered
  • Monitor system recovery processes and ensure the proper restoration of an IS's security features
  • Ensure Configuration Management (CM) for security-relevant IS software, hardware, and firmware is documented and maintained
  • Support certification activities throughout the ISSA process (previously known as the Certification and Accreditation process)
  • Ensure that system security requirements are complied with during all phases of the system lifecycle, unless waived
  • Establish audit trails, ensure their review, and make them available, when required, to the Chief Security Officer (CSO) or the Information System Security Manager (ISSM)
  • Retain audit logs in accordance with Department of Justice (DOJ), Office of the Director of National Intelligence (ODNI) and/or FBI policy
  • Ensure awareness and precautionary measures are exercised to prevent the introduction and/or proliferation of malicious code; manage the review and release of media and/or memory components
  • Ensure general users and privileged users are trained in the specific knowledge needed for them to safely operate and maintain the ISs to which they have access, including general security awareness and specialized privileged user training
  • Disseminate, control, and manage the issuance of user identifications and passwords for assigned ISs, and provide authorized lists to the appropriate system administrators
  • Develop, implement, and enforce information systems security policies
  • Maintain System Security Plans (SSPs) and all other system security documentation
  • Develop other required system plans: Configuration Management Plan (CMP), Contingency Plan (CP), Continuity of Operations (COOP) and Disaster Recovery Plan (DRP) (as required), and Incident Response Plan (IRP)
  • Support risk assessment and evaluation activities throughout the Certification and Accreditation (C&A) or site accreditation process
  • Implement and maintain continuous monitoring
  • Establish audit trails, ensure their review, and report all identified security findings
  • Other duties as assigned


Qualifications

Candidate Thresholds (each element lists the minimum requirement and the preferred level)

  • Security Clearance
      Requirement: Active TOP SECRET, able to obtain SCI w/ CI polygraph
      Preference: Active TS/SCI, able to pass CI polygraph
  • Technical Certification
      Requirement: CISSP
      Preference: CISSP
  • Degree
      Requirement: High school diploma
      Preference: Bachelor's
  • Years as ISSO or ISSM in a classified environment
      Requirement: 7 years
      Preference: 8+ years
  • Years of work experience in the computer science or cybersecurity field
      Requirement: 9 years
      Preference: 10+ years
  • Active certification
      Requirement: CISSP (or Associate), CISM, GSLC, C|CISO, CASP, or CAP
      Preference: CISSP (or Associate), CISM, or GSLC
  • Experience running network, host, and database vulnerability scans and dynamic application security testing using tools
      Requirement: Experience with Tenable Nessus or Security Center, IBM Guardium, HP WebInspect, NMAP, and/or similar applications
      Preference: Experience with Tenable Nessus or Security Center, IBM Guardium, HP WebInspect, and NMAP

Experience and Competencies
  • Work in Federal security environment, Intelligence Community preferred
  • Expertise with FISMA, OMB Cybersecurity Directives, NIST SP 800-37, and NIST SP 800-53
  • Develop and maintain System Security Plans using NIST SP 800-53, Rev. 4 and Rev. 5, Committee on National Security Systems Instruction (CNSSI) 1253, and Intelligence Community Directive (ICD) 503
  • NIST Risk Management Framework (RMF)
  • Security Assessment & Authorization (SA&A or A&A) process
  • Experience working in classified environment
  • Managed remediation efforts
  • Analyzed vulnerability reports and created POA&Ms
  • Quarterly FISMA reports
  • Security Control Assessment (SCA) planning and development

Pluses that Differentiate Candidates
  • Current TS/SCI eligibility
  • FBI experience

Necessary Qualifications:
  • At least 7 years serving as an Information Systems Security Officer (ISSO) at a cleared facility
  • Minimum of 9 years of work experience in a computer science or Cybersecurity related field
  • Hold at least one of the following certifications: Certified Information Systems Security Professional (CISSP), GIAC Information Security Professional (GISP), or CompTIA Advanced Security Practitioner (CASP), or other certifications exemplifying skill sets such as those described for DoD 8570.01-M Information Assurance Management (IAM) Level III proficiency
  • Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP WebInspect, NMAP, and/or similar applications


OTHER DUTIES
  • This job description is not designed to cover a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities are subject to change at any time. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments.

PHYSICAL DEMANDS AND WORK ENVIRONMENT
  • The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodation may be made to enable individuals with disabilities to perform these functions.
  • While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand, walk, sit, and reach with hands and arms. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.

NOTE
  • All duties and responsibilities are essential functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the employee will possess the skills, aptitudes, and abilities to perform each duty proficiently. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.


VariQ is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or any other protected class. We consider diversity and inclusiveness to be core to our culture, and central to our commitment to fostering an empowering and supportive workplace.
Dice Id : 10286792
Position Id : 2021-4068
Originally Posted : 3 months ago