Omniscius is hiring a
Information System Security Officer

Summary

The Information System Security Officer (ISSO) is responsible for developing and maintaining security documentation, identifying potential risks, participating in Assessment and Authorization (A&A) efforts, analyzing test results, and managing large-scale cybersecurity programs. The ISSO must hold an IAT III Certification, have an active DoD Secret Clearance, a minimum of 8 years of experience in information system security, and be familiar with Federal cybersecurity requirements and the A&A process.

Requirements

• IAT III Certification
• Active DoD Secret Clearance
• Minimum of 8 years of experience in information system security, with a strong background in cybersecurity
• Proven experience in developing and maintaining security documentation and conducting risk assessments
• Experience in managing large-scale cybersecurity programs and leading cybersecurity teams
• Familiarity with Federal cybersecurity requirements and the A&A process
• Proficient in the use of cybersecurity tools and technologies, such as Nessus ACAS scans, SCAP, and eMASS
• Strong analytical skills and ability to conduct thorough reviews of vulnerabilities and defense strategies

Responsibilities

• Develop and maintain System Security Plans (SSP), Contingency Plans, Business Impact Analyses (BIA), Plan of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), Security Assessment Plans (SAPs), and other security documentation
• Identify key stakeholders in Assessment and Authorization (A&A) efforts and ensure system documentation reflects current security configurations
• Identify potential risks associated with system configurations and advise on mitigation strategies
• Participate in A&A status meetings, facilitate the progression towards successful A&A efforts, and assist in estimating Level of Effort (LOE) for A&A activities
• Develop and implement detailed test plans, review findings from self-assessments to determine readiness for independent validation and verification (IV&V), and conduct IV&V assessments
• Analyze test results for accuracy, compliance, and adherence to Federal cybersecurity requirements
• Maintain cybersecurity policies and processes as assigned
• Manage and track systems or programs involved in the A&A process
• Develop and implement security-related directives and guidance for Information Assurance (IA), Information Technology (IT), and Information Management (IM)