Information Systems Security Officers (ISSOs) research, develop, implement, test and review an organization's information security in order to protect information and prevent unauthorized access. The ISSO will inform users, system administrators and cybersecurity liaisons about security measures, explain potential threats, implement current industry-standard security measures and monitor networks. The ISSO will manage and take ownership of specific IT systems and report to the Information Systems Security Manager (ISSM), and will coordinate with the Information Technology group and the Systems Administrators of these information systems to ensure the Risk Management Framework (RMF) requirements are implemented, functional and kept up to date according to the System Security Plans.
Responsibilities include, but are not limited to:
+ Review, prepare, and update RMF authorization packages.
+ Notify the customer when changes occur that might affect the IT system's accreditation package.
+ Perform security reviews, identify gaps in security architecture, and update a security risk management plan.
+ Communicate with System Administrators, Cybersecurity Liaisons and ISSM.
+ Provide Configuration Management recommendations for security-relevant information system software and hardware.
+ Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
+ Ensure that Plans of Actions and Milestones or remediation plans are in place for vulnerabilities identified during risk assessment.
+ Apply a full range of Cybersecurity policies, principles and techniques to maintain security integrity of information systems processing information.
+ Conduct vulnerability scans and recognize vulnerabilities in security systems.
+ Update IT system accreditation packages in eMASS.
+ Other IT duties as assigned.
Specific duties include:
+ Establish and/or Maintain Authorization to Operate (ATO) status under Risk Management Framework (RMF).
+ Conduct ACAS vulnerability and STIG scans and manage HBSS.
+ Write, maintain and track POA&Ms.
+ Analyze RMF Controls (NIST SP 800-53) for compliance and update as needed in eMASS.
+ Maintain documentation and cyber artifacts within eMASS to support RMF control compliance.
+ Communicate with IT support team.
+ Knowledge and understanding of cyber defense tools such as ACAS, NESSUS, SCC, STIGViewer for continual monitoring and analysis of system activity to identify malicious or abnormal activity.
+ Experience with Risk Management Framework (RMF), NIST SP 800-53, Security Technical Implementation Guides (STIGs) and other IA tools.
+ Experience in preparing detailed System Security Plans (SSP) for Government approval to achieve Approval to Operate (ATO) objectives.
+ Experience updating cyber artifacts and other supporting documentation in eMASS.
+ BS in Computer Science or equivalent field of study and 3-4 years related experience.
+ Possess and maintain an active Secret level security clearance with SCI Eligibility.
+ Security+ CE (currently active).
Possible salary range: $65,000 - $85,000
Sigmatech is proud to be an Affirmative Action/Equal Opportunity Employer of Minorities, Females, Protected Veterans and Individuals with Disabilities.
Keyword: Information Systems Security Officer (ISSO)
From: Sigmatech, Inc.