Role Description:

● Serve as the IT security point of contact (ISSO) for assigned systems to ensure agency information systems comply with FISMA, OMB, and agency policies.

● Research assigned IT security systems to provide insight into their security architectures and make IT security recommendations for them.

● Schedule and co-lead screen-sharing sessions with engineering support and system stakeholders to gain a full understanding of a system’s technology stack.

● Oversee and manage relationships with vendors for assigned contractor-owned and contractor-operated systems, ensuring vendors comply with agency security and privacy requirements.

● Assist stakeholders with IT security-related activities to ensure project deadlines are met.

● Provide audit support by developing responses to audit questionnaires and remediation recommendations for audit report findings.

● Ensure security activities and change management tasks are implemented throughout the SDLC from beginning to end.

● Ensure all systems are operated, maintained, and disposed of in accordance with (IAW) documented security policies and procedures, including but not limited to Assessment & Authorization (A&A).

● Support the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.

● Coordinate with appropriate stakeholders and system owners to ensure all NIST SP 800-53 controls are properly implemented and assessed throughout the ATO lifecycle.

● Report and respond to security incidents.

● Assess vulnerabilities to determine whether additional safeguards are needed; ensure systems are patched and security-hardened at all levels of the stack; and monitor to confirm that vulnerabilities are remediated as appropriate.

Required Qualifications & Education:

● Must hold one of the following active certifications: CISSP, CISA, CISM, or CCSP.

● A minimum of three (3) years of technical experience in defining security program requirements or processes for the protection of sensitive or classified information. Competent to work in most phases of network, systems or application information assurance.

● A minimum of three (3) years of experience performing the functions and responsibilities of an ISSO or ISSM for systems with at least a Moderate FIPS 199 security categorization.

● Bachelor’s degree in Computer Science, Information Systems, Mathematics, Engineering, or related degree or an additional two (2) years of relevant experience.

● Have detailed knowledge of NIST Policies, Governance, Security Planning and Architecture, FISMA Compliance, RMF, Incident Analysis, and General Security Best Practices.

● Possess strong written and oral communication skills to support customers, internal stakeholders, peers, and public audiences.

● Ability to communicate, both written and oral, to both technical and non-technical stakeholders.

● Good understanding of and experience with applying FISMA and the NIST Cybersecurity Framework and their requirements.

● Experience in developing Information Security policies and procedures.

Clearance and Location Requirements:

● Able to be cleared for a Public Trust clearance.

● This is a remote position.

Washington, DC

Fully Remote
