Information System Security Officer (ISSO)

Type: Full time

WORK LOCATION

Laurel, MD

GENERAL RESPONSIBILITY

The ISSO/Certifier will use Federal Certification and Accreditation (C&A) processes to research, verify and document information security controls in order for the "systems" to be accredited.

  • Communicate and enforce security policies, procedures and safeguards for all systems and staff, based upon NIST.
  • Analyze and advise on the risk and remediation of security issues based on reports from vulnerability assessment scanners, patch management tools, and emerging threat information.
  • Initiate, coordinate and track the patching and remediation of security weaknesses as they are discovered, via a "Plan of Actions and Milestones" (POAM).
  • Report on security status and security incidents.
  • Conduct Security Authorization document reviews.
  • Create and compile Authorization packages to include: Designation Letters, Security Plans, Contingency Plans, SOPs.
  • Conduct meetings with Government leadership and brief them on the State of Security for the systems in their purview.
  • Coordinate with the appropriate operational group to accurately update the System Design Document for each IT system.
  • Assist in maintaining all configurations, architecture, installed software, accounts, data flows, ports, protocols, and other relevant data for each IT System and capture in design documents.
  • Work with auditors to identify Key Controls which must be assessed on a recurring annual basis.
  • Work closely with the vulnerability management team to solve POAMs.

EDUCATION

  • BA/BS or higher preferred, in Computer Science, Information Systems, Software Engineering or other related analytical, scientific, or technical disciplines.

REQUIRED

  • U.S. Citizenship required

  • Prior work experience in IT security, including Certification and Accreditation and/or IT security risk analysis/advice, preferably in support of the Federal government.

  • Knowledge of Federal government C&A practices and policies, particularly FISMA and NIST SP 800-53.

  • Experience with information assurance tools preferred.

  • Ability to work independently and also collaborate closely with application developers, engineers and others.

  • Must be self-motivated and results oriented.

  • Effective written and oral communication skills.

  • Previous experience in or working for the government a plus.

  • Working knowledge of Ongoing Authorization within the NIST Framework