Information System Security Officer (ISSO) - Intermediate

Type: FULL TIME

Location: Manassas/Remote

GENERAL RESPONSIBILITY

The ISSO/Certifier will use Federal Certification and Accreditation (C&A) processes to research, verify and document information security controls in order for the "systems" to be accredited. While this position is remote, the security officer will occasionally support projects onsite in the Northern Virginia area.

  • Communicate and enforce security policies, procedures and safeguards for all systems and staff, based upon NIST standards.

  • Analyze and advise on the risk and remediation of security issues based on reports from vulnerability assessment scanners, patch management tools, and emerging threat information.

  • Initiate, coordinate and track the patching and remediation of security weaknesses as they are discovered, via a "Plan of Actions and Milestones" (POAM).

  • Report on security status and security incidents.

  • Conduct Security Authorization document reviews.

  • Create and compile Authorization packages to include: Designation Letters, Security Plans, Contingency Plans, SOPs.

  • Conduct meetings with Government leadership and brief them on the State of Security for the systems in their purview.

  • Coordinate with the appropriate operational group to accurately update the System Design Document for each IT system.

  • Assist in maintaining all configurations, architecture, installed software, accounts, data flows, ports, protocols, and other relevant data for each IT System and capture in design documents.

  • Work with auditors to identify Key Controls which must be assessed on a recurring annual basis.

  • Work closely with the vulnerability management team to solve POAMs.

EDUCATION

  • BA/BS or higher preferred, in Computer Science, Information Systems, Software Engineering or other related analytical, scientific, or technical disciplines.

REQUIRED

  • U.S. Citizenship required.

  • Prior work experience in IT security, including Certification and Accreditation and/or IT security risk analysis/advice, preferably in support of the Federal government.

  • Knowledge of Federal government C&A practices and policies, particularly FISMA and NIST SP 800-53.

  • Experience with information assurance tools preferred.

  • Ability to work independently and to collaborate closely with application developers, engineers and others.

  • Must be self-motivated and results oriented.

  • Effective written and oral communication skills.

  • Previous experience in or working for the government a plus.

  • Working knowledge of Ongoing Authorization within the NIST Framework.