Information System Security Officer (ISSO) - Lead

Information System Security Officer (ISSO) - Lead

Vacancy expired!

Job Description

MindPoint Group is seeking an experienced Information Systems Security Officer to be a Team Lead. The ISSO Lead will manage the overall security-related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles.

Functional Responsibilities:

The candidate may perform someor all of the following:

• Support the PM in achieving the approval for a program for the Authority to Operate (ATO)
• Implement and manage NIST 800-53 Rev. 4 Security Controls
• Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), and other relevant security documentation for existing and new systems
• Develop, coordinate, test, and train on Contingency Plans and Incident Response Plans
• Provide continuous monitoring to enforce client security policy and procedures and create processes that provide increased visibility to system owners on impacts on the security posture of systems
• Perform vulnerability/risk assessment analyses to support Assessment & Authorization (A&A) activities
• Develop, maintain, and facilitate the appropriate closure of POA&Ms and any related remediation activities
• Align systems activities to the NIST Cyber Security Framework (CSF)
• Identify and support system Interconnection Security requirements
• Develop and document incident reporting procedures for service desk, admins, and security staff for incidents
• Providing OMB FISMA data

Experiences:

• Advise government program managers on security testing methodologies and processes
• Performing system analysis, system audits, system monitoring, security control assessment/testing, risk management, incident response
• Evaluating certification documentation and provide written recommendations for accreditation to government PMs
• Reviewing system security to accommodate changes to policy or technology.
• Evaluation of IT threats and vulnerabilities to determine whether additional safeguards are needed
• Evaluation of IT threats and vulnerabilities to determine whether additional safeguards are needed
• Advising the government concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system
• Conducting certification tests that include verification that the features and assurances required for each protection level are in place
• Conducting and coordinating Information System security inspections, tests, and reviews
• Assessing changes in the system, its environment, and operational needs that could affect the accreditation
• Preparing the final SAR containing the results and findings from the assessment
• Initiating a POA&M with identified weaknesses and suspense dates for each Information System based on findings and recommendations from the SAR and system scan results
• Performing risk assessments and make recommendations to customers

Qualifications

• Qualifications

  • Bachelor of Science degree preferably in Information Systems, Computer Engineering, Computer Science, or Cyber Security, or equivalent experience.
  • Active Secret clearance required
  • At least one of the following certifications: CISSP, CCSP, CISM, GSLC, CISA, CASP, or equivalent.
  • At least, 15 years of experience in IT, Cybersecurity and/or Information Assurance.
  • Familiarity with the following Security Regulations and/or Frameworks:

    • FISMA.
    • OMB Circular A-130.
    • Privacy Act of 1974
    • The Gramm-Leach-Bliley Act (GLBA)
    • The Sarbanes-Oxley Act of 2002 (SOX)
    • NIST 800 Special Publication Series (i.e., 800-53r4, 800-53Ar4, 800-37r1, etc.)
    • Federal Risk Authorization and Management Program (FedRAMP).
    • NIST Cybersecurity Framework (CSF).
    • ISO/IEC 27017:2015 Code of Practice for Information Security Controls Based on ISO/IEC 27002 for Cloud Services.

  • Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures.
  • Experience reviewing proposed change requests related to system design / configuration and performing a security impact analysis to provide approval or denial recommendations.
  • Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
  • Be capable of authoring and editing technical guides, process and procedural documents, and other materials as needed.
  • Understanding and experience with CSAM is a PLUS.

Additional Information

• All your information will be kept confidential according to EEO guidelines
• Equal Opportunity Employer Veterans/Disabled