Jobs · Information Technology · Maryland

Senior Information System Security Officer

Apex Systems · Oxon Hill, MD · 6 days ago
Information TechnologyContract

About the role

The position involves managing the security program and systems at FEMA St. Elizabeth Campus (SE DC), currently remote but requiring occasional on-site visits. The immediate focus is on remediation and stabilization, with automation initiatives following.

Responsibilities

- Manage the RMF process and POA&Ms. - Assist in automating systems. - Serve as the primary cybersecurity lead/advisor for system owners, PMOs, and senior leadership. - Develop and maintain SSPs, POA&Ms, Configuration Management Plans, Contingency Plans, and Incident Response Plans. - Conduct risk assessments, annual security assessments, vulnerability assessments, and continuous monitoring activities. - Own POA&M management, remediation planning, audit findings, and compliance tracking. - Perform Security Impact Analyses, change request reviews, and configuration management activities. - Develop and maintain authorization boundary diagrams, security architectures, and security requirement traceability matrices. - Develop and advise on remediation plans and cybersecurity risks and compliance requirements. - Familiarity with CSAM, eMASS, RegScale, or similar GRC platforms. - Experience with cloud security and FedRAMP authorization processes.

Requirements

- Must be able to obtain and maintain a DHS Public Trust up to a Top Secret Clearance. - Bachelor’s degree (BS) or Associate’s degree (AS) with 10+ years of Information Security experience supporting federal systems, or 13+ years with a BS, or 16+ years with an AS. - Experience managing multiple systems at once and assisting with automating systems. - Comfortable managing multiple systems at once and assisting with automating systems. - Shift: Monday - Friday, 9 AM - 5 PM.

Qualifications

- Senior ISSO with 10+ years of Information Security experience supporting federal systems. - Deep expertise leading the full RMF lifecycle and ATO process end-to-end. - Strong knowledge of FISMA, NIST 800-37, NIST 800-53, DHS 4300 Series, and federal cybersecurity requirements. - Experience serving as the primary cybersecurity lead/advisor for system owners, PMOs, and senior leadership. - Hands-on experience developing and maintaining SSPs, POA&Ms, Configuration Management Plans, Contingency Plans, and Incident Response Plans. - Experience conducting risk assessments, annual security assessments, vulnerability assessments, and continuous monitoring activities. - Ownership of POA&M management, remediation planning, audit findings, and compliance tracking. - Experience performing Security Impact Analyses, change request reviews, and configuration management activities. - Ability to develop and maintain authorization boundary diagrams, security architectures, and security requirement traceability matrices. - Experience with security control implementation, self-assessments, control inheritance, and business impact analyses. - Strong background supporting security audits, ATO packages, compliance reviews, and accreditation efforts. - Experience developing remediation plans and advising stakeholders on cybersecurity risks and compliance requirements. - Familiarity with CSAM, eMASS, RegScale, or similar GRC platforms. - Knowledge of cloud security and FedRAMP authorization processes. - Strong communication skills with the ability to brief executives, present risk findings, and work directly with senior leadership. - Preferred experience supporting DHS, FEMA, DoD, or other federal agencies. - CISSP, CISM, or CASP+ certification preferred (IAT Level III equivalent).

Skills

- Senior ISSO with 10+ years of Information Security experience supporting federal systems. - Deep expertise leading the full RMF lifecycle and ATO process end-to-end. - Strong knowledge of FISMA, NIST 800-37, NIST 800-53, DHS 4300 Series, and federal cybersecurity requirements. - Experience serving as the primary cybersecurity lead/advisor for system owners, PMOs, and senior leadership. - Hands-on experience developing and maintaining SSPs, POA&Ms, Configuration Management Plans, Contingency Plans, and Incident Response Plans. - Experience conducting risk assessments, annual security assessments, vulnerability assessments, and continuous monitoring activities. - Ownership of POA&M management, remediation planning, audit findings, and compliance tracking. - Experience performing Security Impact Analyses, change request reviews, and configuration management activities. - Ability to develop and maintain authorization boundary diagrams, security architectures, and security requirement traceability matrices. - Experience with security control implementation, self-assessments, control inheritance, and business impact analyses. - Strong background supporting security audits, ATO packages, compliance reviews, and accreditation efforts. - Experience developing remediation plans and advising stakeholders on cybersecurity risks and compliance requirements. - Familiarity with CSAM, eMASS, RegScale, or similar GRC platforms. - Knowledge of cloud security and FedRAMP authorization processes. - Strong communication skills with the ability to brief executives, present risk findings, and work directly with senior leadership. - Preferred experience supporting DHS, FEMA, DoD, or other federal agencies. - CISSP, CISM, or CASP+ certification preferred (IAT Level III equivalent).

Benefits

- Medical, dental, vision, life, disability, and other insurance plans. - ESPP (employee stock purchase program). - 401K program with company match. - HSA (Health Savings Account on the HDHP plan). - SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions. - Corporate discount savings program and other discounts. - On-demand training program, certification prep, and access to technical and leadership courses/books/seminars. - Certification discounts and other perks to associations like CompTIA and IIBA. - Dedicated customer service team for benefits and other resources. - Certified Career Coach.

Similar jobs