Description:
Job Title: Information System Security Officer (ISSO) 4
Job Code: SAS20223011-94084
Job Location: Rochester, NY
Job Description:
This role required an experienced Information System Security Professional (appointed ISSO/M) with strong cybersecurity knowledge, who can work under general oversight from a senior Information System Security Manager (ISSM). This individual will work closely with Information System Owners, information systems security engineers, systems administrators and program engineers to explain, interpret and apply cybersecurity processes, practices, and procedures required to obtain and maintain ongoing authorizations and accreditations. This role will require on ongoing understanding of business objectives, and the successful candidate will skillfully navigate compliance and business needs.
The ISSM is required to vet and approves changes or other enhancements to information systems and related processes. The ISSM also provides the protection and safeguarding of sensitive information systems and has the ultimate responsibility for the day-to-day security operations of complex enterprise environments. This candidate must be knowledgeable in information technology, information system security, and the Risk Management Framework as it relates to various governance documents (DAAPM, JSIG, etc.). This role will require authoring, maintaining, and disseminating applicable bodies of policy and procedure.
Essential Functions:
· Understanding the business goals and objectives of the programs which the infrastructure supports.
· Communicating regularly with business leaders to keep them apprised of the rapidly changing information security landscape
· Authoring and maintaining the Body of Evidence (BOE) artifacts in support of Assessment & Authorization (A&A) of assigned systems in accordance with Risk Management Framework (RMF) and sponsoring customer directives.
· Information System Auditing
· Performing internal security control assessments
· Overseeing and managing information system configuration
· Working with IT professionals to organize and develop device and system hardening guides following principles disseminated from DISA, NIST and other applicable agencies.
· Conducting periodic hardware/software inventory assessments
· Conducting continuous monitoring activities on assigned information systems
· Remediating control deficiencies (vulnerability management and flaw remediation)
· Investigating security incidents such as data spills and malicious events compromising sensitive information
Qualifications:
· Bachelor’s Degree and a minimum of 6 years of prior related experience. Graduate Degree with a minimum of 4 years of prior related experience.
· Active TS/SCI security clearance (w. CI Polygraph preferred)
· Minimum DoD 8570 Baseline Certification IAM Level III; i.e. CISSP or the ability to obtain within 6 months of hire
Preferred Additional Skills:
· 6+ years’ experience as an ISSO/M supporting or managing cybersecurity on classified systems
· Experience with the Risk Management Framework; reducing risk to an acceptable level through the skilled implementation of security controls (NIST SP 800-37)
· Continuous Monitoring of Security Controls (NIST SP 800-53)
· Experience developing, managing, providing evidence to close POA&Ms associated with the A&A and project management processes
· Experience with government sponsored cloud-based environments
· Experience with Windows and Linux based operating systems
· Experience reviewing information system security logs and operating auditing tools
· Experience with DISA STIGs and SCAP Compliance Checker
· Experience interpreting vulnerability scanning results (Nessus, ACAS, etc.) and developing/facilitating flaw remediation plans
Receive emails for the latest jobs matching your search criteria
