As an Information Systems Security Officer (ISSO), you will be responsible for implementing and maintaining the organization’s information security policies and procedures. You will work closely with IT and security teams to ensure that all information systems and processes are secure and compliant with relevant regulations and standards.
- Bachelor’s degree and 2 years' work experience or equivalent experience or 7 years of related work experience, to include:
- Being a self-starter who’s able to work in both independent and team environments while building work relationships with SMEs across divisions. Additionally, must be comfortable with cyber security and able to brief issues to the customer.
- The ability to articulate and provide a true and accurate status update on government IT systems security posture as well as overall system health to the customer in a clear and concise manner.
- Experience executing the NIST Risk Management Framework (RMF) and applying security practices found in NIST publications (e.g., SP 800-53, SP 800-30, SP 800-60, FIPS 199, FIPS 140-2).
- Experience documenting System Security Plans to include security control implementation statements.
- Experience conducting periodic reviews of implementation statements to ensure persistent compliance with applicable government and agency level policies in addition to ISO and NIST standards.
- Supporting the security assessment and authorization (or ATO) process.
- Analyzing testing results from scans, audits, penetration tests, or other test efforts to determine risk levels.
- Hands-on experience with vulnerability management tools such as Tenable Nessus and Security Center.
- Conducting Continuous Monitoring and maintaining the security posture of IT systems within on-prem, cloud, and hybrid environments.
- Knowledgeable about one or more cloud computing services and technologies, including but not limited to AWS, Microsoft Azure, and VMware.