Information System Security Officer (ISSO)
Company: Method, Inc.
Location: Washington
Posted on: November 8, 2024
Job Description:
Who We're Looking For (Position Overview):Spry Methods is
looking for an ISSOs to support the Department of Interior's (DoI)
Information System Security Line of Business (ISSLoB) Cybersecurity
Program services. The ISSO will be a member of a large team that
manages a variety of activities associated with the National
Institute of Science and Technology (NIST) Risk Management
Framework (RMF) Special Publications. More specifically, this
position will provide Information System Security Officer (ISSO)
and security assessment services for customer information systems.
This position is remote work with limited potential for travel.What
Your Day-To-Day Looks Like (Position Responsibilities):
- Develop functional and technical requirements; serve as a POC
for Information Systems with security issues;
- Prepare and update reports to ensure that the unit complies
with mandated internal and external security reporting
requirements, including Federal Information Security Modernization
Act (FISMA) and Capital Planning;
- Coordinate security program and system elements with the agency
IT Program Managers by evaluating system environments for security
requirements and controls including: IT Security Architecture,
hardware, software, telecommunications, security trends, and
associated threats and vulnerabilities;
- Manage security controls to ensure confidentiality, integrity
and availability of information;
- Build security into the system development process and define
security specifications to Support the acquisition of new
systems;
- Support System Owners or Program Officers on the review of
system procurement requests to ensure that security has been
considered and included;
- Adhere to and implement system security controls that ensure
the protection of Sensitive but Unclassified (SBU) information
using authentication techniques, encryption, firewalls, and access
controls;
- Complete Security Assessments;
- Assist in the Assessment and Authorization process;
- Create and/or update the System Security Plans and other ATO
documentation;
- Serve as an advisor in risk assessments of all systems and
mitigate vulnerabilities;
- Adhere to Continuous Monitoring practices to ensure that
security controls are maintained over the life of IT systems;
- Assist the System Owner in the development, testing and
maintenance of contingency plans, backup and storage
procedures;
- Document all procedures according to the organizations
standards;
- Audit and monitor application, system and security logs for
security threats, vulnerabilities and suspicious activities; report
suspicious activities to the agency Incident coordinator;
- Monitor and coordinate patch management and scanning techniques
for all unit systems; participate in identification and mitigation
of all system vulnerabilities;
- Support and facilitate the security awareness, training, and
education program; and
- Assist the Information System Security Manager (ISSM), or CISO
in any other security related duties, as required.What You Need to
Succeed (Minimum Requirements):
- Public Trust
- 5-8 years direct experience supporting federal organizations
Cybersecurity programs as an ISSO.
- Experience drafting FISMA related artifacts to include: system
security plans, incident response plans, configuration management
plan, FIPS 199, digital identity risk assessments, security impact
analysis, contingency plan, security assessment plans and reports,
Plan of Action and Milestones (POA&M), and training
materials.
- Experience in applying NIST Special Publications to information
systems.
- Experience with performing information system continuous
monitoring of security controls to ensure that they continue to be
implemented correctly, operating as intended and producing the
desired outcome with respect for meeting the security
requirements.
- Knowledge of cybersecurity tools such as: Tenable, Qualys,
Governance Risk Compliance (GRC) tools (e.g. Xacta, eMass, or CSAM,
etc.).
- Experience participating in security assessments and/or
audits.Ideally, You Also Have (Preferred Qualifications):
- Experience with conducting security assessments, audits, and
control implementation in accordance with NIST Special
Publications.
- DoD 8570 IAM Level 2.
- CIPP certification
- CCSK certification (CSA Knowledge Center)
- CISM (ISAKA)
- GRC certification (ISC2)
#J-18808-Ljbffr
Keywords: Method, Inc., Germantown , Information System Security Officer (ISSO), IT / Software / Systems , Washington, Maryland
Didn't find what you're looking for? Search again!
Loading more jobs...