Information Systems Security Officer

Pernix Consulting
Rosslyn, VA
Dec 04, 2021
Dec 06, 2021
Full Time
Information Systems Security Officer (ISSO) 20-1070

Job Location: US-VA-Rosslyn
Category: Information Technology
Clearance Level: Interim Secret required to start
May be required to obtain Top Secret (TS)
FTE with benefits

Overview

Pernix Consulting, LLC is seeking an ISSO to support our Federal government client. This is a unique and challenging opportunity in the Office of the Chief Technology Officer (CTO) in Diplomatic Security, US Department of State. CTO is the primary IT group within the Bureau of Diplomatic Security, providing many web applications and other services used by Federal and local law enforcement officers worldwide.

Responsibilities

- Responsible for the initial Security Review and Analysis of New Systems and the CPIC process.
- Ensure the security posture of existing systems is maintained throughout their production life cycle.
- Responsible for conducting the necessary actions and documentation to retire a system.
- Possess an understanding of how to categorize a system based on NIST SP 800-60 Vol II and FIPS-199, working with System Owner Representatives, Sys Admins and Developers.
- Understand the Remote Authentication Compliance rules for systems.
- Capable of using IRM/IA tools to generate the appropriate System Security Controls based on the System Security Categorization process; document/implement the system security controls.
- Conduct interviews with SMEs, test the system for compliance with controls, and research best industry practices for software and applications being used by the system.
- Ensure implementation statements are written clearly and are easily understandable.
- Must be able to communicate clearly verbally and in writing.
- Collaborate with other sections in the organization to resolve security issues in a manner that does not impede the DS CTO mission if possible.
- Review vulnerability reports and make decisions regarding the security posture of systems.
- Capable of conducting Initial Risk Assessments for any actions that are outsourced to ensure the appropriate security requirements are included in the contracts.
- Understand and/or be capable of learning and understanding the FedRAMP and Cloud Service Provider requirements for systems.
- Capable of creating a System Security Plan (SSP) that contains all the necessary addendums and specific IRM/IA mandates and requirements.
- Capable of completing the required documentation for Privacy Impact Assessments (PIAs).
- Capable of creating Information System Security Plans and conducting tests to validate the viability of contingency plans.
- Capable of reviewing assessment reports and using the IRM/IA algorithm to determine if a finding at the completion of an assessment is a High, Moderate, or Low finding that has the potential to become a POAM (plan of action and milestone).
- Collaborating with other sections to remediate POAMs and documenting these actions to submit to IRM/IA in a clearly written format as an artifact that can be used to close POA&Ms (plan of action and milestones). These artifacts must also withstand the scrutiny of OIG official review.

Qualifications

- Must be a US citizen with an active DoD Secret clearance
- 2+ years of related experience
- Detailed knowledge of the six steps of the RMF process

Desired Certifications

- CISSP
- CAP

Desired Education

- BS in a related field and 4+ yrs related experience
OR
- MS in a related field and 2+ yrs related experience

Pernix Consulting, LLC is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
