Jobs · Information Technology · Tennessee

Information Systems Security Officer ISSO

Cadre5 · Knoxville, TN · 3 mo ago
On-siteInformation TechnologyFull-time

Duties and Responsibilities

The ISSO is a primary stakeholder and facilitator of the continuous monitoring efforts that promote RMF compliance throughout the organization. The ISSO provides direction to IT and infrastructure support personnel on the application of security patches and secure configurations. Routine collaboration and consultation with the ISSM regarding the design, development, integration, and analysis of unclassified information systems. Under general supervision, the candidate is responsible for performing a full range of Information Assurance functions in support of the security needs of the ISSM.

Primary Responsibilities:

  • Provide assistance to the ISSM and CISO in the certification and accreditation (C&A) of systems/networks and implementation of cybersecurity requirements and procedures across the client site.
  • Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures and as outlined in applicable System Security Plans (SSPs).
  • Perform documented procedures for authorizing users to access information systems.
  • Develop and maintain SSPs for system C&A.
  • Manage Plans of Action and Milestones to closure for information systems under accreditation.
  • Provide guidance on policies and controls to support appropriate levels of risk, facilitate risk tolerance discussions and decisions, and recommend controls based on industry standards and practices.
  • Escalate questions/concerns/issues to more senior-level staff as required.
  • Participate in internal/external compliance audits, reviews, self-assessments, assessments, and data calls.
  • Identify, promote, and make recommendations for process improvements.
  • Aid with annual self-inspections, system certification testing, periodic security testing, and functional testing on systems/networks.
  • Ensure compliance of all network equipment with applicable DOE and ORNL requirements.

Qualifications

  • Bachelor’s degree with 3-5 years of relevant experience (ex. cybersecurity assessments, risk management, cybersecurity policy, and compliance, etc.). An equivalent combination of education and experience may be considered.
  • Strong analytical and organizational skills as well as problem solving capabilities to understand Cybersecurity risk and exposure (legal, regulatory violations, etc.) to ORNL.
  • Demonstrated experience implementing compliance frameworks (NIST, etc).
  • Excellent interpersonal, verbal, written, and presentation communication skills.
  • Thorough understanding of industry standards and regulations including NIST 800-53, NIST Risk Management Framework, and NIST Cybersecurity Framework (CSF).
  • Working knowledge of privacy regulations and impacts.
  • Ability to work independently, meet deadlines, and uphold high ethical standards.
  • This position requires and an active Department of Energy "Q" or “L” clearance. A “Top Secret (TS)” or “Secret” Department of Defense clearance will also suffice. This requires US Citizenship.

Similar jobs