Information System Security Officer
Type: Full time
Occasional Meetings in Manassas, VA - Option of REMOTE
Purpose of Position
The main focus of the Security Analyst, Senior is annual audits, compliance, privacy laws, and submitting Authority to Operate (ATO) packages. The analyst is responsible for monitoring, evaluating, and maintaining systems and procedures to safeguard internal information systems, networks, databases, and Web-based security. The analyst conducts compliance vulnerability assessments and monitors systems, networks, databases, and the Web for potential system breaches. The analyst recommends and implements changes to enhance systems security based on annual audits. The analyst may also oversee internal or external systems security (i.e., cloud services).
Major Responsibilities & Weights
40%: Authors and verifies Authority to Operate (ATO) documentation such as System Security Plans and Risk Assessments. Works with security officers to determine system categorization, e-Authentication requirements, and assists in the development of the Privacy Impact Assessments and Security Impact Assessments.
20%: Leads efforts to ensure our annual third-party security assessments occur for the analyst's respective FISMA systems.
20%: Coordinates and develops Plans of Action and Milestones (POA&Ms) and tracks and reports on each issue monthly.
20%: With guidance from the Security Manager, develops annual contingency planning efforts, and executes table-top testing exercises as dictated by the customer. Identifies and quantifies business risks. Coordinates and supports the Security Operations team with scan/audit findings and works towards evidence of closure.
Type of Credentials/Licenses
CISSP, CISM, CISA, CAP, or similar level industry security certification.
4-6 Years Related Work Experience
Work Experience / Skills / Abilities Required
General IT knowledge in two or more of the following areas
Operating Systems (Solaris, RHEL, and/or Windows)
Strong time management skills
Self-starter and quick learner with innovative thinking
Security framework, preferably CMS or HHS
Prior experience with the ATO and SDLC processes in government environments
Prior experience performing Risk Assessments (RAs) and Security Impact Assessments (SIAs), assisting with the development of System of Records Notices (SORNs) and Privacy Impact Assessments (PIAs), and developing Contingency Plans (CPs)
Prior experience in developing and executing Table-Top tests (TTTs)
Prior experience in developing effective POA&Ms and reviewing those created by other analysts
Scope of Position
This position is an individual contributor and has no supervisory responsibilities. Provides functional expertise through day-to-day work tasks. Works under the supervision of management.