Information Systems Security Officers (ISSO)
Clearance: Must be a US Citizen able to obtain a Public Trust
Location: DC (Remote for the time being)
Email: If interested, please send an updated resume to Beca at Rcruz@Apexsystems.com
Cybersecurity is seeking Information Systems Security Officers (ISSOs) to support the CAO's inventory of on-premises, vendor, and cloud-based systems. These systems are a combination of varying complexities at the Moderate and Low impact levels. The Contractor will assist federal staff in identifying and assessing new systems in accordance with NIST SP 800-37 Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy, and applicable House policies. Specifically, the resources shall:
Ensure that the appropriate operational cybersecurity posture is maintained for House systems to provide confidentiality, integrity, and availability of information systems.
Support system owners in developing, updating, and maintaining the System Security Plan (SSP) for assigned systems.
Advise system owners on all matters, technical and otherwise, involving the security of assigned IT systems.
Develop standard operating procedures in accordance with security control requirements.
Perform continuous monitoring of security controls to ensure that they are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems.
Work with technical teams to mitigate security control deficiencies and scan vulnerabilities for assigned IT systems.
Assess the cybersecurity impact of changes to assigned IT systems.
Conduct self-assessments of security controls, identify weaknesses, and track remediation activities in Plan of Action and Milestones (POA&M).
Manage the POA&M process for designated IT systems to provide timely detection, identification, and alerting of non-compliance issues.
Provide the required system access, information, and documentation to security assessment and audit teams.
Participate in security assessments and audits for assigned systems and facilitate obtaining evidence for data requests.
Complete required A&A activities on assigned IT systems.
Other duties as assigned.
The Contractor shall provide individuals who have the following knowledge, skills and abilities:
Bachelor's degree in Computer Science, Engineering or a related technical discipline.
Demonstrated experience (5+ years) performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful certification and accreditation or security authorization of such systems.
Strong working knowledge and familiarity with NIST publications.
Demonstrated experience using a GRC tool to execute A&A activities.
Current and maintained certification in one or more of the following IT Security disciplines: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at firstname.lastname@example.org or 844-463-6178.