Information System Security Officer (ISSO)

Contingent Upon Contract Award

DRCG is seeking ISSO's to support our federal customer in D.C., who will ensure appropriate operational security posture is maintained for the program and all information systems.

Company Overview

Dutch Ridge Consulting Group, LLC (DRCG) is an ISO 9001:2015, Department of Veterans Affairs (VA) Certified Veteran Enterprise (CVE), Service-Disabled Veteran-Owned Small Business (SDVOSB). DRCG provides technical support staff at ten locations throughout the United States with corporate offices in Beaver, Pennsylvania and Ashburn, Virginia. DRCG offers expertise in Systems Integration (SI), Information Technology (IT) solutioning, Program Management, Risk Management, Business Process Reengineering (BPR), Requirements Engineering, Workflow Solutioning, and Business Consulting Services. Established in 2016, DRCG is 100% US owned, and has over 50 employees (97% hold a Secret clearance or higher). DRCG optimizes client investments by leveraging expertise to better manage the growth and transformation of existing IT environments.

Top Secret Clearance Required at Start.

Tier I (Junior)

• Minimum of Two (2) years hands-on experience and knowledge in Governance Risk and Compliance (GRC), the Risk Management Framework (RMF), and relevant NIST publications.
• Shall have experience in developing, maintaining, assessing and performing an authorization to operate (ATO) or authorization to test (ATT) for low to moderate information systems.
• Shall have solid communication, written, and presentation skills to brief senior leadership.
• Shall have proficient knowledge on how to use various security tools, such as but not limited to: JCAM (or an equivalent GRC tool), Tenable, BigFix, and Splunk (or SIEM), and/or equivalent, and should be able to ramp up on any other tools relevant to their job.

Tier II (Mid)

• Minimum of Four (4) years hands-on experience and proficient knowledge in Governance Risk and Compliance (GRC), the Risk Management Framework (RMF), and relevant NIST publications.
• Must maintain at least One (1) Certification listed below.
• Shall have at least one (1) year experience in maintaining at least a moderate or high information system authorization for a federal government department or agency.
• Shall have strong communication, written, and presentation skills to brief senior leadership.
• Proficient knowledge on how to use various security tools, such as but not limited to JCAM (or an equivalent GRC tool), Tenable, BigFix, and Splunk (or SIEM), and/or equivalent, and should be able to ramp up on any other tools relevant to their job.
• Provides support, backup or otherwise mentorship to ISSO Tier I as needed.

Tier III (Senior)

• Minimum of Six (6) years hands-on experience and expert knowledge in Governance Risk and Compliance (GRC), the Risk Management Framework (RMF), and relevant NIST publications.
• Must maintain at least Two (2) Certifications listed below.
• Shall have at least Three (3) years supporting and maintaining system authorizations for a federal government department or agency identified as either a cloud system (i.e. IaaS, PaaS, or SaaS), major application, mission critical, high categorization, or a high value asset.
• Shall have excellent communication, written, and presentation skills to brief senior leadership.
• Proficient knowledge in network defense, cloud systems, and good knowledge on how to use various security tools, such as but not limited to: JCAM, (or an equivalent GRC tool), Tenable, BigFix, and Splunk (or SIEM), and/or equivalent, and should be able to ramp up on any other tools relevant to their job.
• Shall maintain at least two certifications of the following below and provides support, backup, or otherwise mentorship to ISSO Tier I and II as needed.

Mid-Level and Senior-Level Certification list:

Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

Certified Governance, Risk and Compliance (CGRC)

Certified in Risk and Information Systems Control (CRISC)

Information Systems Security Management Professional (ISSMP)

Certified Information Systems Auditor (CISA)

Certified Cloud Security Professional (CCSP)

Certified Ethical Hacker (CEH)

CompTIA Security+

Project Management Professional (PMP)