Senior Information System Security Officer

Virginia - Onsite
This project has been archived and is not accepting more applications.

Description

Job #5092

Position: Sr. Information System Security Officer
Type of Position: Contract
Location: Herndon VA, Dallas TX, Richmond VA, Boise ID, Pontiac MI, Charleston WV
Work Week: 40 hours
Other Requirements: Must pass a government background check.

*Candidate hired will be an Ntelicor W2 employee*

General Description

The Information System Security Officer (ISSO) plays a cybersecurity operational compliance role. The position is responsible for assisting other ISSOs, which entails security control implementation, continuous monitoring, and federal Assessment and Authorization (A&A) activities.

The following are the primary responsibilities:

  • Works closely with Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented.
  • Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.
  • Reviews and continuously monitors implemented security controls.
  • Creates and maintains security checklists, templates and other tools to aid in the A&A process.
  • Performs security control assessment using NIST 800-53A guidance and as per continuous monitoring requirements.
  • Performs risk analyses to determine and recommend essential safeguards.
  • Proactively mitigates system vulnerabilities and recommends compensating controls.
  • Prepares security authorization packages in accordance with the client contractual requirements.
  • Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
  • Maintains client-specific Plan of Action and Milestones and supports remediation activities.
  • Maintains an inventory of hardware and software for the information system.
  • Develops, tests and trains on Contingency and Incident Response planning.
  • Conducts independent scans of application, network and database and utilizes Managed Security Services Vulnerability Assessment Team (VAT) support as applicable.

In a typical engagement, the ISSO operates as a trusted advisor in the organization, working with senior management and focusing specifically on the security environment in relation to client business objectives. The ISSO helps to understand operational issues and plans the next steps in collaboration with Account ASOs from an information security viewpoint. The position will be able to demonstrate industry expertise and compliance. This position requires the ability to interact and influence at an organizational level to carry out governance, risk and compliance activities.

Education and Experience Required:

  • 5-7 years' experience working in a risk management, audit, security or technical delivery role
  • Bachelor's or master's degree in Computer Science, Computer Studies, Information Security (or equivalent combination of education and experience)
  • Knowledge of the security countermeasures and overall RMF and NIST compliance regulations
  • Excellent and effective communication skills
  • Ability to work effectively in diverse, multi-national and virtual environments
  • Self-motivated and tenacious
  • Demonstrate sound judgment and integrity
  • Ability to influence OCISO Delivery system stakeholders in the execution of security and compliance requirements

Preferred Skills:

  • Experience in overall Security Risk and Compliance initiatives
  • CISSP, CISM/CISA or CRISC a plus
  • Fluent in English

Knowledge and Skills Required:

  • Experience as a Security consultant in Risk and Compliance
  • Experience in working with security management including information governance and compliance
  • Good understanding of Assurance Practices and Risk Management, with hands-on experience
  • Experience of security processes and standards, in particular NIST 800-series and Risk Management Framework
  • Knowledge of security audit and accreditation processes
  • Ability to adapt to new security environments/culture
  • Ability to interpret government request for proposal and respond to security and compliance related requirements

The following experience is preferred:

  • Experience of working with Federal Information Processing Standards (FIPS), FISMA, FedRAMP and other cybersecurity-related laws, regulations and directives
  • Experience of presenting at client meetings
  • Experience of translating contractual security requirements to deliverables
  • Knowledge of Federal Government Security, industry and market trends and client business and offerings
  • Understands client solutions - what they consist of, product roadmaps, key technology concepts
  • Understands how cyber security GRC requirements fit within or interface with the sales of other solutions within client and partner strategies
  • Understands federal security and regulations impacting security requirements to develop strategies for supporting internal USPS operations

Start date: n.a
From: Ntelicor
Published at: 12.05.2017
Project ID: 1342313
Contract type: Freelance