Senior Information System Security Officer
Information TechnologyContract
About the role
The position involves managing the security program and systems at FEMA St. Elizabeth Campus (SE DC), currently remote but requiring occasional on-site visits. The immediate focus is on remediation and stabilization, with automation initiatives following.
Responsibilities
- Manage the RMF process and POA&Ms.
- Assist in automating systems.
- Serve as the primary cybersecurity lead/advisor for system owners, PMOs, and senior leadership.
- Develop and maintain SSPs, POA&Ms, Configuration Management Plans, Contingency Plans, and Incident Response Plans.
- Conduct risk assessments, annual security assessments, vulnerability assessments, and continuous monitoring activities.
- Own POA&M management, remediation planning, audit findings, and compliance tracking.
- Perform Security Impact Analyses, change request reviews, and configuration management activities.
- Develop and maintain authorization boundary diagrams, security architectures, and security requirement traceability matrices.
- Develop and advise on remediation plans and cybersecurity risks and compliance requirements.
- Familiarity with CSAM, eMASS, RegScale, or similar GRC platforms.
- Experience with cloud security and FedRAMP authorization processes.
Requirements
- Must be able to obtain and maintain a DHS Public Trust up to a Top Secret Clearance.
- Bachelor’s degree (BS) or Associate’s degree (AS) with 10+ years of Information Security experience supporting federal systems, or 13+ years with a BS, or 16+ years with an AS.
- Experience managing multiple systems at once and assisting with automating systems.
- Comfortable managing multiple systems at once and assisting with automating systems.
- Shift: Monday - Friday, 9 AM - 5 PM.
Qualifications
- Senior ISSO with 10+ years of Information Security experience supporting federal systems.
- Deep expertise leading the full RMF lifecycle and ATO process end-to-end.
- Strong knowledge of FISMA, NIST 800-37, NIST 800-53, DHS 4300 Series, and federal cybersecurity requirements.
- Experience serving as the primary cybersecurity lead/advisor for system owners, PMOs, and senior leadership.
- Hands-on experience developing and maintaining SSPs, POA&Ms, Configuration Management Plans, Contingency Plans, and Incident Response Plans.
- Experience conducting risk assessments, annual security assessments, vulnerability assessments, and continuous monitoring activities.
- Ownership of POA&M management, remediation planning, audit findings, and compliance tracking.
- Experience performing Security Impact Analyses, change request reviews, and configuration management activities.
- Ability to develop and maintain authorization boundary diagrams, security architectures, and security requirement traceability matrices.
- Experience with security control implementation, self-assessments, control inheritance, and business impact analyses.
- Strong background supporting security audits, ATO packages, compliance reviews, and accreditation efforts.
- Experience developing remediation plans and advising stakeholders on cybersecurity risks and compliance requirements.
- Familiarity with CSAM, eMASS, RegScale, or similar GRC platforms.
- Knowledge of cloud security and FedRAMP authorization processes.
- Strong communication skills with the ability to brief executives, present risk findings, and work directly with senior leadership.
- Preferred experience supporting DHS, FEMA, DoD, or other federal agencies.
- CISSP, CISM, or CASP+ certification preferred (IAT Level III equivalent).
Skills
- Senior ISSO with 10+ years of Information Security experience supporting federal systems.
- Deep expertise leading the full RMF lifecycle and ATO process end-to-end.
- Strong knowledge of FISMA, NIST 800-37, NIST 800-53, DHS 4300 Series, and federal cybersecurity requirements.
- Experience serving as the primary cybersecurity lead/advisor for system owners, PMOs, and senior leadership.
- Hands-on experience developing and maintaining SSPs, POA&Ms, Configuration Management Plans, Contingency Plans, and Incident Response Plans.
- Experience conducting risk assessments, annual security assessments, vulnerability assessments, and continuous monitoring activities.
- Ownership of POA&M management, remediation planning, audit findings, and compliance tracking.
- Experience performing Security Impact Analyses, change request reviews, and configuration management activities.
- Ability to develop and maintain authorization boundary diagrams, security architectures, and security requirement traceability matrices.
- Experience with security control implementation, self-assessments, control inheritance, and business impact analyses.
- Strong background supporting security audits, ATO packages, compliance reviews, and accreditation efforts.
- Experience developing remediation plans and advising stakeholders on cybersecurity risks and compliance requirements.
- Familiarity with CSAM, eMASS, RegScale, or similar GRC platforms.
- Knowledge of cloud security and FedRAMP authorization processes.
- Strong communication skills with the ability to brief executives, present risk findings, and work directly with senior leadership.
- Preferred experience supporting DHS, FEMA, DoD, or other federal agencies.
- CISSP, CISM, or CASP+ certification preferred (IAT Level III equivalent).
Benefits
- Medical, dental, vision, life, disability, and other insurance plans.
- ESPP (employee stock purchase program).
- 401K program with company match.
- HSA (Health Savings Account on the HDHP plan).
- SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions.
- Corporate discount savings program and other discounts.
- On-demand training program, certification prep, and access to technical and leadership courses/books/seminars.
- Certification discounts and other perks to associations like CompTIA and IIBA.
- Dedicated customer service team for benefits and other resources.
- Certified Career Coach.