Information System Security Officer - ISSO

Employer
Venesco
Location
Washington, DC
Posted
Nov 17, 2020
Closes
Nov 24, 2020
Ref
1432581947
Function
IT, Security Engineer
Hours
Full Time
Venesco is looking to hire ISSO Professionals in the junior, mid, and senior levels for an opportunity with the FBI in Washington, DC. You must have a Top Secret clearance to be considered. Candidates with no clearance will not be considered. Services to support IS Security performed by the Information System Security Officer (ISSO) at a minimum, shall consist of to the following activities: Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS Provide liaison support between the system owner and other IS security personnel Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis Conduct required IS vulnerability scans according to risk assessment Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities Manage the risks to ISs and other FBI assets by coordinating appropriate correction or mitigation actions, and oversee and track the timely completion of (POAMs) Coordinate system owner concurrence for correction or mitigation actions Monitor security controls for FBI ISs to maintain security Authorized To Operate (ATO) Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase Ensure that changes to an FBI IS, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM) Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR Junior level: At least 3 years of experience serving as an ISSO at a cleared facility Minimum of 5 years of experience in a computer science or cybersecurity-related field Familiarity with the use and operation of security tools, including Tenable Nessus and/or Security Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications. Hold at least one of the following certifications: One of the following certifications is required to meet the category/level ISSE-2 (DOD 8570) requirement for this position: Certified Information Systems Security Professional (CISSP) (or Associate) Global Information Security Professional (GISP) the CompTIA Advanced Security Practitioner (CASP) Other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level I proficiency Bachelor s and advanced degree in Computer Science, Cybersecurity, or other cyber discipline is preferred; we can substitute experience with the degree. Mid level: At least 5 years serving as an Information Systems Security Officer (ISSO) at a cleared facility. Minimum of 7 years of work experience in a computer science or Cybersecurity related field. At Hold at least one of the following certifications: Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level II Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP Weblnspect, Network Mapper (NMAP), and/or similar A bachelor's or advanced degree in Computer Science, Cybersecurity, or other cyber discipline is preferred . Senior level: At least 7 years serving as an Information Systems Security Officer (ISSO) at a cleared facility. Minimum of 9 years of work experience in a computer science or Cybersecurity related field. Hold Aat least one of the following certifications: Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level III Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP Weblnspect, Network Mapper (NMAP), and/or similar A bachelor's or advanced degree in Computer Science, Cybersecurity, or other cyber discipline is preferred . Venesco LLC, offers a very competitive benefits package of healthcare, HSA, vision, dental, life insurance, short- and long-term disability, 401K, and personal leave. We help pay for certifications and training related to the position and have one of the strongest 401K contribution programs in the industry Job Requirements: Reporting for information security activities Meet strategic information security objectives Manage security initiatives to support information security strategy and plan Address any information security related issues Implement the security controls specified in the security plan Conduct the information security risk assessment program Targeted security assessments to ensure appropriate level of security controls Maintain knowledge of general security administration programs and one or more security specialties (e. g. sensitive compartmented information, personnel security, technical security, operations security) Provide an interface to client information security audits Protect corporate cyber security information day to day Perform information security risk assessments and serves as an internal auditor for security issues Oversee the risk assessment and information security awareness Train all employees in effective information security measures Provide ad hoc information security and privacy assistance to projects and regional leaders and information security officers Reporting on business security incidents Create enterprise information security education and awareness platforms Escalate security project issues to management Provide periodic reporting on information security issues to the VC/VPIT Ensure all employees receive mandatory training in information security awareness and information security policies, guidelines and procedures Achieving security and privacy certifications