Information Systems Security Officer

5 Days onsite in Arlington, VA Job Description:

The Information System Security Officer (ISSO) serves as the primary cybersecurity point of contact for work performed under the contract. The ISSO possesses in-depth knowledge of federal information system security policy, industry best practices, security control assessments, Plan of Action and Milestones (POA&M) management, system authorizations, configuration management, and system analysis. This role functions as the highest-level individual contributor in cybersecurity, bringing diverse technical and industry experience. The ISSO acts as a recognized technical expert, providing support in vulnerability assessment, risk assessment, network security, product evaluation, and security implementation.

From a technical perspective, the ISSO is responsible for designing and implementing solutions to protect the confidentiality, integrity, and availability of sensitive information. The role includes providing technical evaluations of customer systems and assisting in security improvements. The ISSO participates in designing information system contingency plans that maintain appropriate protection levels and meet operational time requirements to minimize impact on the customer organization. Additionally, the ISSO conducts security product evaluations and recommends products, technologies, and upgrades to enhance the customer's security posture.

Requirements:

• 8+ years of federal information systems security experience, including support for financial and information security external audits.
• Bachelor's degree in a related field.
• Minimum of two (2) years of FISMA experience.
• One or more of the following certifications: CISM, CISSO, FITSP-M, GCIA, GCSA, GCIH, GSLC, GICSP, CISSP-ISSMP, or CISSP.

Technical Skills:

• Demonstrated experience with RMF and applying the NIST Cybersecurity Framework.
• In-depth knowledge of federal information system security policy, industry best practices, security control assessments, POA&M management, system authorizations, configuration management, and system analysis.
• Experience designing and implementing solutions to protect the confidentiality, integrity, and availability of sensitive information.
• Expertise in providing technical support in vulnerability assessment, risk assessment, network security, product evaluation, and security implementation.
• Experience using CSAM.
• Solid understanding and application of NIST Special Publications including SP 800-53, SP 800-137, SP 800-171, and SP 800-37.
• Understanding of FISMA and IT audit requirements.
• Ability to collaborate effectively with developers, engineers, and managers on system teams at a technical level.
• Knowledge of current and past cybersecurity threats and vulnerabilities.