Sr. Information Systems Security Officer (ISSO)


Job Details

Contractor will act as Information System Security Officer (ISSO) for assigned systems. An ISSO is responsible for all aspects of security risk management for the (usually multiple) systems to which they are assigned. The primary system they will be responsible for is a large General Support System (GSS), consisting of numerous technical components from the Information Security Program that are inherited by other systems. There will be approximately 3-4 other systems that fall under the candidate's portfolio.

The ISSO works with system owners to develop all required security documentation for their assigned systems including System Categorization, Risk Assessment, System Security Plan, Contingency Plan, Interconnection Security Agreement, ATO package, etc. The ISSO identifies, analyzes, and proposes mitigation strategies to system risks. The ISSO also assesses and continuously monitors the effectiveness of mitigation strategies (i.e. internal testing and control validations). The ISSO also provides ongoing security advice to system owners and administrators. Additionally, the ISSO participates with their peers in contributing to planning and implementation of enhancements to the system risk management processes.


Primary ISSO duties include:

  1. Perform and document system categorization in accordance with our procedures.
  2. Continuously conduct and document security risk assessments (i.e. SCAs).
  3. Work with System Owners to develop and maintain System Security Plans and keep implementation statements up to date in the GRC Tool (Archer).
  4. Test, assess, and document security control effectiveness. Collect evidence, interview personnel, and examine records to evaluate effectiveness of controls.
  5. Document assessment evidence and develop assessment reports to document findings and actionable recommendations.
  6. Perform continuous monitoring of security control effectiveness.
  7. Work with System Owners to develop and perform periodic testing of contingency/DR plans.
  8. Work with System Owners to develop, provide training, and perform periodic testing of incident response plans.
  9. Review, analyze, and coordinate remediation of vulnerability scans and other vulnerability information. Recommend corrective action and review remediation actions for effectiveness.
  10. Review and coordinate the remediation of control deficiencies and audit findings.
  11. Maintain Plans of Actions and Milestones (POA&Ms) in the Archer GRC Tool and provide timely updates on their status.
  12. Assist System Owners with developing and reviewing Interconnection Security Agreements and Memoranda of Understanding.
  13. Perform system assessments and reaccreditations within required timeframes.
  14. Perform configuration baseline compliance reviews.
  15. Prepare requests for waivers and exceptions.
  16. Review proposed system changes for security impact.
  17. Provide advice and assistance to stakeholders on security-related issues.
  18. Provide timely response to audit requests.
  19. Assist System Owners with developing security requirements for system projects.
  20. Review and respond to system audit logs and alerts.
  21. Support and comply with Technical Review Board and Change Control Board activities for assigned systems.
  22. Develop good working relationships with customers and other stakeholders, and provide advice and assistance to stakeholders on security-related issues.
  23. Collaborate with ISSO colleagues on the planning and implementation of enhancements to our system risk management processes.



SKILLS AND KNOWLEDGE

Must have the following skills and knowledge:

Experience performing the full cycle of system Assessment and Accreditation (A&A) activities, including ISSO duties and Security Control Assessment duties.

Good working knowledge of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

Strong technical background with a strong understanding of network architectures and communications, operating systems, web platforms, and databases.

Experience with enterprise GRC tools. Archer GRC is preferred, but experience with similar tools such as CSAM is acceptable.

Strong writing, interpersonal, and communication skills.

Experience developing and maintaining system security documentation, including but not limited to System Security Plans, Security Assessment Reports, Contingency Plans, and Interconnection Security Agreements.

Ability to identify and assess risks and recommend appropriate remediation strategies.

Experience developing and updating Plans of Actions and Milestones (POA&Ms) and overseeing efforts to rectify issues found as a result of security vulnerabilities and security controls analysis.

Ability to evaluate proposed changes to IT systems for potential security risks and impacts, and advise system stakeholders on those risks and proposed mitigations.

Must be well-organized and detail-oriented with the ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments.

Ability to work independently and with teams.





CIBR Warriors

05/19/2024

Herndon, VA