Information System Security Officer

MILITARY FRIENDLY PREFERRED - HOH SPONSOR

The Information Systems Security Officer (ISSO) will provide Security Assessment and Authorization (SAA) support to the client and their IT systems. These systems are a combination of General Support Systems, Major Applications, Minor Applications and Subsystems at various impact levels. The ISSO will be responsible for developing and providing risk and vulnerability assessments, Security Control Assessments (SCA), SAA documentation and various reports, based on NIST guidelines and the client's policies, procedures and requests.

Duties and Responsibilities

- Develop a detailed project schedule, including SAA/SCA tasks and milestones, task dependencies, and personnel resources.
- Conduct SAA activities and tasks to obtain Authorization to Operate (ATO) in line with NIST and client guidance and directives.
- Determine the baseline IT security requirements for IT systems, identify system boundaries, determine information categories, and assist with FIPS-199 categorization.
- Ensure that IT systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices.
- Enforce security policies and safeguards on all personnel having access to the IT system for which the ISSO has responsibility.
- Ensure users and system support personnel have the required authorization and need-to-know, have been indoctrinated, and are familiar with internal security practices before access to the IT system.
- Review and generate SAA and system documentation as needed.
- Select baseline controls for the IT system using RSA Archer and tailor security controls as appropriate.
- Implement security controls based on the IT system's FIPS categorization.
- Ensure system compliance with client baseline security configurations and customizations through collaboration with assigned system teams and IT Security.
- Document security control implementation in the system's Security Plan using the Library's Information Assurance (IA) tool (RSA Archer).
- Conduct SCA for IT systems, when required.
- Document the system's risk assessment per client directives and requirements.
- Develop and document all required artifacts for the SAA package.
- Conduct Contingency Plan Tests (CPT) for systems.
- Review and monitor system security and audit logs.
- Develop and maintain Plans of Action and Milestones (POAMs) for IT systems.
- Update SAA documentation and artifacts on a regular basis (e.g. annually, after an approved change).

Qualifications

Minimum Requirements

- A minimum of five (5) years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field.
- Demonstrated proficiency with developing, maintaining and managing SAA packages.
- Experience with developing and managing POAMs.
- Technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities.
- Technical experience with reviewing vulnerability scans and providing mitigation techniques.
- Expertise in conducting SCAs.
- Experience writing security-related policies and procedures.
- Experience conducting CPTs.
- Experience with conducting audit log reviews.
- Experience with NIST Special Publications and guidance.
- Strong problem-solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
- Excellent communication (written and verbal) skills.

Education and Certifications

- Bachelor's degree or higher in Computer Science, Information Technology, Information Security, or similar fields.
- At least one (1) active certification relating to information security, such as: Certified Information Systems Security Professional (CISSP); GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC, etc.); CompTIA Security+; CEH.

Clearance

Public Trust

Work Location

Primarily remote. Onsite work at the client location in Washington, D.C. and Zermount HQ in Arlington, VA, may occasionally be required.

Hours of Operation

Business Hours: 8:00 am EST - 4:30 pm EST.