Information Systems Security Officer (ISSO)

Computer World Services (CWS) Corporation
Washington, DC
Jul 13, 2018
Jul 16, 2018
Full Time
Job Description

The Information Systems Security Officer will perform security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. These assessments evaluate technological, operational, and process controls in order to judge the design and implementation of security controls. The individual will be responsible for risk and compliance management and reporting, including risk assessments, System Security Plans, Security Assessment Reports, Vulnerability Assessment Reports, POA&M management, ISO 27001 requirements, NIST 800 Series Special Publications, Federal Information Processing Standards (FIPS), FedRAMP Authorizations, and other regulatory compliance requirements. The individual will also be responsible for assisting in any federal audit that may occur during their employment.

Key Tasks and Responsibilities

* Use the NIST Risk Management Framework (RMF) to conduct assessments of information security controls in order to measure the effectiveness of controls and identify control gaps
* Ensure compliance with guidance, standards, and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
* Prepare Security Authorization Packages, including documentation such as Authorizing Official out-briefs, Security Authorization Recommendations, and Security Authorization memorandums
* Identify, assess, and prioritize identified risks
* Collect evidence and artifacts, and document findings to support conclusions
* Report on compliance with internal policies, controls, and standards
* Provide recommendations for remediation of identified deficiencies
* Track and report on Plans of Action and Milestones (POA&Ms), i.e., findings/deficiencies through to closure
* Coordinate third-party risk assessments and IT audits
* Manage remediation efforts and report on the status of control deficiencies
* Support security initiatives and global policy adherence and awareness efforts
* Support global information security metrics and reporting program(s)
* Provide security expertise to business units and key stakeholders
* Enforce policy adherence and manage formal policy exception requests
* Provide timely status updates/reporting on assessments and assigned projects

Education & Experience

* Bachelor's degree in Computer Science or a related engineering field with training in information security
* 10+ years' experience in Information Security
* 5+ years' experience building and managing Windows server platforms
* Thorough knowledge of NIST 800 Special Publications, Federal Information Processing Standards (FIPS), and other significant federal regulations
* Expertise in the NIST Risk Management Framework to generate and maintain SA&A documentation, including System Security Plans, Security Assessment Reports, and Risk Assessments for internal and cloud-based systems (i.e., FedRAMP)
* Thorough knowledge of federal laws and directives pertaining to information security
* Experience using security scanners (e.g., Nessus, Nexpose) and remediating vulnerabilities
* Experience creating and maintaining minimum security configuration baselines for Windows and Linux platforms and applications (i.e., minimum benchmarks such as CIS and STIGs)
* Experience reviewing system logs for potential intrusions and policy violations
* Experience using Forescout, BigFix, and RES a plus

Certifications

* CISSP, CISM, CAP

Security Clearance

* Agency specific

Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)

* EOE AA M/F/Vet/Disability. EEO is the Law.