Information System Security Officer (ISSO) jobs in United States

Solutions By Design II, LLC (now Evolver Federal) · 1 day ago

Information System Security Officer (ISSO)

Evolver Federal is looking for an Information System Security Officer (ISSO) to join our team in support of our federal health IT customer. The ISSO will support all Risk Management Framework activities and work closely with IT teams, developers, and CMS stakeholders to maintain a secure, compliant, and operational CMS that effectively protects organizational data.

Consulting, CRM, Cyber Security, Information Technology, Infrastructure, Robotics, Software
No H1B; U.S. Citizen Only

Responsibilities

Risk Management Framework (RMF) Activities: Support all activities as outlined in the NIST SP 800-37, Risk Management Framework for Information Systems and Organizations. This includes the process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring
Security Authorization Documentation: Initial development and, at least, annual reviews/updates of the FIPS 199, e-Authentication, Privacy Threshold Analysis (PTA)/Privacy Impact Analysis (PIA), Security Plan (SP), Contingency Plan (CP), and Contingency Plan Test (CPT), Interconnection Security Agreements (ISAs) and Memoranda of Agreement/Understanding (MOA/Us) and any other FISMA-related security documentation
Security Control Assessment Response: Support all assessment activities by responding to interview questions as well as working with the system teams to gather appropriate evidence as directed by the CMS Security Team
Change Management: Review all change requests for potential impact to the system security posture
Continuous Monitoring: Conduct audit log and account management reviews, and update the Control Allocation Table and Trigger Accountability Log
Configuration/Patch/Vulnerability Management: Review scan results for the system assets, identify the respective remediations for misconfigurations and weaknesses, and work with the system team to ensure timely implementation of fixes
Incident Response: Work with the CMS Security Team and system teams to investigate and analyze any incidents affecting assigned system(s)
Have the ability to apply a comprehensive knowledge across key tasks and high impact assignments
Evaluate performance results and recommend major changes affecting short-term project growth and success
Function as a technical expert across multiple project assignments
Work on high-priority ad hoc requests such as data calls, Senior Management Initiatives (CIO, CISO, etc.), CMS mandates, etc.

Qualification

NIST SP 800-53, Risk Management Framework, Information Systems Security, Security Certification, Vulnerability Management, Incident Response, Technical Writing, Agile Environment, Communication Skills, Project Management

Required

3 years of specialized experience in one of the following positions: Information Systems Security Officer, Information Systems Security Engineer, Information Systems Security Auditor, or Information Systems Security Manager
3 years of experience with analyzing, assessing and implementing corrective actions based on vulnerability management tools
3 years of experience with leading projects, technical writing, administrative tasks, and conducting briefings
3 years of experience working with NIST SP 800-53, RMF, FISMA, CMS policies
Must have and maintain at least one (1) active certification such as CASP, GSEC, GSLC, CISSP, CEH, CISM, and CISA, or other comparable certification which must be approved in advance by our customer. Proof of certification is required
US Citizen or Permanent Resident required, and all applicants shall have lived in the United States for at least three (3) out of the last five (5) years
Must be able to pass a comprehensive background check that includes a client-specific Public Trust background investigation

Preferred

Have a deep understanding of Security Regulations, such as the NIST Publications and OMB Security related documents
Prepare documentation and materials to support the operations of FedRAMP compliance requirements throughout the organization
Develop briefings and presentations for Government PM and Executive Management
Ability to adapt to an agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government
Support all Security Authorization Processes, Security Control Assessments and Ongoing Authorization activities as required
Ensure systems are properly patched and hardened according to CMS requirements
Assist with issues and concerns related to their assigned systems
Conduct research and analysis on abnormalities and provide recommendations
Conduct Risk Analysis on vendors, cloud service providers, etc. as necessary to identify flaws, threats and risks in emerging IT projects at CMS, and develop technical in-depth engineering solutions to address and mitigate these risks
Provide technical security solutions and control implementation recommendations to the Agile Development teams based on industry best practice and Federal requirements
Provide, prepare, and conduct security training, as needed
Apply and analyze privacy laws, administrative laws, regulations and policies surrounding the Privacy Act of 1974, the E-Government Act of 2002, or the Homeland Security Act of 2002
Serving as a subject matter expert on controls standards such as NIST 800-53, 800-37, 800-66, and 800-171 as well as other privacy regulations
Work on the automation, monitoring and auditing of privacy controls for each USCIS system
Support security and privacy requirements for internal and external system connections
Support proposed collection, sharing, and maintenance of PII through privacy compliance documentation
Perform comprehensive document reviews (DR) on all risk management and security operations documentation, in alignment with CMS and FISMA requirements
Conduct quality assurance checks to ensure that the finished documentation meets CMS and FISMA requirements
Revise, edit, or update security authorization documentation and presentations
Create, adapt, and follow project schedules and deadlines
Develop a thorough understanding of the audience and the documentation required by meeting with colleagues, and working with managers to discuss technical problems
Research and build knowledge about products, services, technology, or concepts
Determine the clearest and most logical way to present information and instructions for greatest reader comprehension, and write and edit technical information accordingly
Prepare or commission graphics and illustrations to elaborate on or complement technical writing
Meet with SMEs in order to ensure that specialized topics are appropriately addressed and discussed
Perform other duties as assigned by the Government
Advanced Microsoft Excel and Access skills to perform extensive data mining, correlation, and reporting
Excellent oral and written communication skills; technical and business focused, with the ability to document and describe security process information collected

Benefits

Health, dental and vision insurance
401(k)
Flexible spending account
Paid leave (including PTO and parental leave)

Company

Solutions By Design II, LLC (now Evolver Federal)

Our team members are now fully integrated into Evolver as part of the Evolver Federal team.

Funding

Current Stage: Growth Stage
Total Funding: unknown
2023-08-16: Acquired
Company data provided by crunchbase