Information System Security Officer

Omniscius
Summary
Join our cybersecurity team as an experienced Information System Security Officer (ISSO) supporting a federal customer remotely. You will be responsible for ensuring the security of our information systems by developing, implementing, and maintaining security processes and documentation. Key duties include developing security plans and documentation, identifying and mitigating risks, participating in A&A efforts, developing test plans, analyzing test results, and maintaining cybersecurity policies. This role requires an IAT III Certification, an active DoD Secret Clearance, and a minimum of 8 years of experience in information system security. Experience in managing large-scale cybersecurity programs and leading teams is also essential.
Requirements
- IAT III Certification
- Active DoD Secret Clearance
- Minimum of 8 years of experience in information system security, with a strong background in cybersecurity
- Proven experience in developing and maintaining security documentation and conducting risk assessments
- Experience in managing large-scale cybersecurity programs and leading cybersecurity teams
- Familiarity with Federal cybersecurity requirements and the A&A process
- Proficient in the use of cybersecurity tools and technologies, such as Nessus ACAS scans, SCAP, and eMASS
- Strong analytical skills and ability to conduct thorough reviews of vulnerabilities and defense strategies
Responsibilities
- Develop and maintain System Security Plans (SSPs), Contingency Plans, Business Impact Analyses (BIAs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), Security Assessment Plans (SAPs), and other security documentation
- Identify key stakeholders in Assessment and Authorization (A&A) efforts and ensure system documentation reflects current security configurations, including hardware, software components, data flow, interconnections, and ports, protocols, and services
- Identify potential risks associated with system configurations and advise on mitigation strategies
- Document residual risks and provide cybersecurity risk analysis and mitigation determination results
- Participate in A&A status meetings, facilitate the progression towards successful A&A efforts, and assist in estimating Level of Effort (LOE) for A&A activities
- Develop and implement detailed test plans, review findings from self-assessments to determine readiness for independent validation and verification (IV&V), and conduct IV&V assessments
- Analyze test results for accuracy, compliance, and adherence to Federal cybersecurity requirements
- Conduct thorough reviews of all vulnerabilities, architecture, and defense-in-depth strategies, and report findings in POA&M documents
- Maintain cybersecurity policies and processes as assigned
- Manage and track systems or programs involved in the A&A process
- Develop and implement security-related directives and guidance for Information Assurance (IA), Information Technology (IT), and Information Management (IM)