Jobs · Information Technology · Virginia

Senior Information Systems Security Officer

Steampunk, Inc. · McLean, VA · Yesterday
Information Technology$90k–$140k/yrFull-time

About the role

The Senior Information Systems Security Officer (ISSO) will support all activities ensuring the security authorization level is maintained at an acceptable risk level. This includes creating, monitoring, and updating POA&Ms, conducting assessments, and responding to vulnerabilities.

Responsibilities

  • Create Waivers or Risk Acceptance Memos to manage system risks
  • Conduct annual assessments in accordance with the DHS Information Security Performance Plan
  • Review and update security authorization documents as needed
  • Coordinate with Privacy, Records, and Information Governance Divisions
  • Perform contingency plan tests and update the plan
  • Support system self-assessments and audits
  • Maintain knowledge of inventory in accreditation boundary
  • Ensure security requirements are included in the development cycle
  • Monitor and respond to ISVM/Patch Management
  • Provide audit support for assigned systems
  • Respond to emerging requirements or policies
  • Support DevSecOps requirements for assigned systems
  • Ensure configuration management processes are followed
  • Interpret patterns of noncompliance and advise senior leadership
  • Assess and weigh security threats
  • Interview system stakeholders to document security controls
  • Perform independent and self-assessments
  • Advise on changes affecting the system’s cybersecurity posture
  • Report security violations

Qualifications

  • Masters degree and 4 years of cyber & FISMA experience; OR Bachelors degree and 5 years of cyber & FISMA experience; OR No degree and 9 years of experience, 7 of which must be cyber & FISMA
  • Possesses one of the following professional security certifications: CISSP, CASP, CISM, CEH, CISA, SSCP, GISP, GSLC
  • Specialized knowledge of financial audit standards, classified system IA requirements, and Privacy Act requirements
  • Specialized knowledge and experience with NIST SP 800 family of publications (800-53 rev 4/5), particularly those associated with the Risk Management Framework (RMF)
  • Specialized knowledge and experience with vulnerability scanning, assessment, and analysis
  • Specialized knowledge and experience with operating systems (Windows and/or Linux) and networks (LAN and WAN)
  • Specialized knowledge and experience with information security and assurance principles (Defense-in-depth) and associated supporting technologies
  • Specialized knowledge and experience with application, database, and network security
  • Ability to recognize and report security violations

Preferred Skills

  • Experience providing ISSO support to DHS
  • Experience supporting systems in Cloud and Agile environments

Benefits

Annual salary range: $90,000 to $140,000. Additional benefits include:

  • Human-Centered delivery methodology
  • Investment in employee growth
  • Shared accountability in solving mission challenges
  • Employee ownership model
  • E-Verify participation

Similar jobs