Information System Security Officer
Candidates must have a Secret clearance & Security+, CISSP, CISM, CAP, GSLC, or CASP.
Cloud experience/exposure preferred (Microsoft Azure and Amazon AWS).

Responsibilities:
- Ensuring that security assessments and authorizations (SA&A) of Agency information systems are completed in accordance with the published procedures, and providing an appropriate level of support for SA&A activities;
- Ensuring risk analyses are completed to determine essential safeguards;
- Maintaining and updating system security documentation as required in accordance with Agency policies and NIST;
- Maintaining an inventory of hardware and software required for the system;
- Supporting continuous monitoring testing and assisting in the management of the Plan of Actions and Milestones (POA
- Ensuring that user accounts are managed according to Agency policies and procedures, and validating Common Control inheritance of applications;
- Updating system documentation in IACS.

Additional responsibilities:
- Collaborating with the system owner, project team and the Cyber Security Division (CSD) to ensure that system security requirements are identified, documented, constructed and validated throughout the project lifecycle;
- Coordinating the review of System Security documents by the authorizing official and the project team, system owner, and the Agency CSD;
- Collaborating with the project manager and/or system owner to ensure timely approval of those artifacts by the approving personnel;
- Developing SA&A documentation and assisting with 3PAO assessment where necessary;
- Reviewing the Security Assessment Report and presenting the results to the Agency CIO;
- Performing Continuous Monitoring activities in accordance with the Agency and NIST Continuous Monitoring requirements.
The support includes creation of new documents and update of existing documents per contract requirements.

Qualifications (candidates must):
- Have a very good understanding of SDLC and RMF Process.
- Have experience performing system analysis, system audits, system monitoring, security control assessment/testing (or ST&E), risk management, incident response.
- Have working knowledge of various hardware platforms and software applications.

Education:
- Bachelor of Science degree, preferably in Information Systems, Computer Engineering, Computer Science or Cybersecurity

Familiarity with the following Security Regulations and/or Frameworks:
- FedRAMP, FISMA, NIST (i.e., 800-53r4, 800-53Ar4, 800-37r1, etc.) and FISCAM

Company Description:
ChandlerCG is a management consulting firm that provides technology and strategy services. We operate with a goal of optimizing organizational performance through strategic initiatives centered on enhanced IT solutions, cyber security, predictive analytics and integrated talent management.