Intermediate Information System Security Officer
Job Description
We are seeking an Intermediate Information System Security Officer (ISSO) to support a federal agency's Office of the Chief Information Security Officer (OCISO). The successful candidate will join a team focused on remediating and stabilizing a complex security environment. This role is pivotal in restoring security programs, updating documentation, and improving compliance across approximately 90 systems. The position involves a shift towards organizing responsibilities by security control families, offering an opportunity to manage and monitor specific controls enterprise-wide.
- Execute Risk Management Framework (RMF) activities to support Authorization to Operate (ATO) decisions.
- Develop and maintain key security artifacts, including System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and Contingency Plans.
- Conduct security control assessments, vulnerability assessments, and Security Impact Analyses for system changes.
- Support continuous monitoring efforts, including POA&M tracking, remediation, and patch management oversight.
- Identify security gaps and implement appropriate controls to ensure system compliance with federal standards.
- Support change management processes by participating in Change Advisory Board (CAB) reviews and conducting security impact reviews.
- Prepare for and support security audits, compliance reviews, and testing events.
- Provide documentation and timely information to leadership in response to cybersecurity data calls.
- Collaborate with system owners, stakeholders, and other cybersecurity teams to maintain the confidentiality, integrity, and availability of information systems.
Education & Experience
A combination of education and experience is required, such as a Bachelor's degree with 7 years of experience, an Associate's degree with 10 years of experience, or 13 years of experience with no degree. Minimum 7 years of experience in Information Security, specifically in an ISSO role supporting federal government systems.
Technical Skills & Certifications
- Must hold at least one of the following IAT Level III certifications: CISSP, CISM, or CASP+.
- Hands-on experience executing the RMF lifecycle and performing ATO activities.
- Strong knowledge of FISMA, NIST 800-37, NIST 800-53, and DHS 4300 Series security directives.
- Experience with Governance, Risk, and Compliance (GRC) tools such as CSAM, eMASS, or RegScale.
- Proficiency in technical writing with experience producing compliance and assessment documentation.
- U.S. Citizenship is required.
- Previous experience supporting DHS or FEMA.
- Understanding of cloud security concepts, with experience in AWS or Azure.
- Experience with automated security tools and scripting.
Benefits
Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our ‘Welcome Packet’ as well, which an Everforth Apex team member can provide.
About the Role
The role requires a strong background in Information Security, with a focus on supporting federal government systems. The candidate should have experience in executing the RMF lifecycle and performing ATO activities, as well as hands-on experience with governance, risk, and compliance tools.
Qualifications
The ideal candidate will have a minimum of 7 years of experience in Information Security, specifically in an ISSO role supporting federal government systems. They should also hold at least one of the following IAT Level III certifications: CISSP, CISM, or CASP+. Proficiency in technical writing and experience with GRC tools such as CSAM, eMASS, or RegScale is essential.
Skills
The role demands a strong understanding of FISMA, NIST 800-37, NIST 800-53, and DHS 4300 Series security directives. Experience with automated security tools and scripting is also crucial.
Requirements
The candidate must reside within a local radius of Washington, D.C., and be available to come onsite occasionally if requested by the client. The role is currently 100% remote.
Pay
The pay for this position is competitive and commensurate with experience.
Schedule
The schedule for this position is flexible and can accommodate remote work, with occasional onsite visits as needed.