Information System Security Officer (ISSO)

The Information Systems Security Officer (ISSO) is responsible for ensuring the continuous monitoring of security and privacy controls for one or more information systems managed by or on behalf our Federal civilian agency customer. The ISSO works closely with the Information System Owner, Information System Security Manager, system administrators, and other IT and privacy professionals supporting the system(s). The position shall have the detailed knowledge and expertise required to manage the security aspects of an information system and is assigned responsibility for the day-to-day security monitoring of the system(s), including but not limited to threat analysis, vulnerability assessments and remediation, compliance monitoring and reporting, POAM and Corrective Action Plan management, Interconnection Security Agreements, Security Impact Assessments within the change management process, risk assessments, and SLAs. Security controls and standards are aligned with NIST SP 800-53 rev 5 and the NIST RMF.

Requires in-depth knowledge of FISMA, FedRAMP, NIST Special, Risk Management Framework, POAM management, incident response, audit, accreditation processes, and configuration management compliance.

Additional activities include:

• Develop and/or maintain physical or logical topologies for monitored system(s) in concert with systems engineers

• Assist the contract’s security manager in meeting their duties and responsibilities, as well as extensive collaboration with customer security personnel

• Prepare, review, and update authorization packages and associated artifacts; familiarity with an authorization management system such as JCAM, eMASS, CSAM, Xacta, etc.

• Ensure the contract’s operations procedures and process documents are properly managed and reviewed/updated at least annually.

• Conduct periodic reviews of information systems to ensure compliance with the security authorization package.

• Coordinate annual incident management and COOP/DR tabletop exercises; monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly.

• Familiarity with Azure tools, particularly Defender and Sentinel are highly desirable.

• Ensure audit records are collected, reviewed, and documented (to include any anomalies), in addition to internal and external audit support

Experience:

• Prior performance in roles such as System Administrator or Network Administrator, with preferential experience in specific ISSO duties.

Certifications: CISSP or Security+ any revelant IT or security certification

Education:

• Bachelor’s degree OR industry recognized certifications and 8 years of relevant experience