Top Secret
Mid Level Career (5+ yrs experience)
$140,000
IT - Security
Washington, DC (On-Site/Office)
Job Title: Information Systems Security Officer
Location: Washington, DC
Type of environment: Office, On-site
Clearance: TOP SECRET security clearance, and the ability to obtain the SCI Clearance.
Job Summary:
On behalf of our client, we are currently seeking an Information Systems Security Officer (ISSO)
with a Top Secret clearance to support Cybersecurity Operations at our Government client site
in Washington, DC. Limited telework may be available with consent of the customer.
Job Responsibilities/Duties:
The ISSO shall proactively review, update, and maintain cybersecurity policy, guidance
documents, directives, templates, and materials to ensure all documentation reflects and
incorporates the most recent version of all cybersecurity program documentation. The ISSO,
with direction, shall provide Cyber security and Privacy requirements and guidance, including,
but not limited to the following:
• Provide a monthly status report and attend monthly status meetings, as well as ad hoc
team meetings as required.
• Develop, edit, format, and modify cybersecurity documentation, including policies,
standards, procedures, user manuals, and other related materials, ensuring consistency
in formatting, language, and structure across all documentation.
• Provide a gap analysis, with recommendations for improvement, of existing Cyber
security policies, handbooks, standards, and procedures and recommend disposition
(i.e. continued use as is, needs revision, or rescind)
• Perform a monthly inventory review and update the plan and schedule accordingly.
• Deliver Authority To Operate (ATO) packages to the CISO/ITSO and CIO as required.
• Conduct IT Checklist Risk Assessments, ensuring that IT Checklist Risk Assessments are
conducted for all acquisition checklists. This process should be integrated into the overall
risk management framework and should inform the development and updating of
cybersecurity policies and procedures.
• Provide overall subject matter expertise to the Information Security Assessment and
Authorization (A&A) program specifically Information System Security Officer (ISSO)
support for National Security System.
• Provide specific guidance and technical expertise in the form of standards, policies,
procedures, and oversight for the DOC A&A program
• Create, review, and update the Privacy Threshold Analysis (PTA).
• Create, review, and update as applicable, and provide recommendations based on analysis of
the Privacy Impact Assessments (PIA).
• Create, review, update as applicable, and provide recommendations based on analysis
for Third Party Application as required.
• Create, review, update as applicable, and provide feedback on application of security
requirements (e.g. TRB, SSPs, RA’s, contingency plan, incident response plan, continuous
monitoring plan, FIPS, POA&M reports, etc.).
• Create, review, analyze, and update as applicable all system artifacts for accuracy and
completeness in support of authority to operate (ATO) requests.
• Create or Review ATO packages prior to submission to CISO and CIO approval.
• Ensure all assessment and audit reports are uploaded properly to the appropriate DOC
Governance, Risk, and Compliance (GRC) tool
• Assist in Plan of Actions and Milestones (POA&M) update and remediation. In addition,
conduct reviews of requests for closures for completeness and compliance.
• Develop and support the ongoing authorization (OA) process that includes continuous
monitoring.
• Keep the System Security Plan accurate and up to date to include drafting/developing
network topology
• Maintain a “Moderate” or better security rating
• Provide expert technical and security support services to accomplish the Accreditation
and Authorization (A&A) of Information System(s)
• Develop, review, and provide feedback on application of security requirements (e.g. TRB,
review of SSPs, RA’s, contingency plan, POA&M reports).
• Responsible for managing and implementing remediation of identified weaknesses.
• Ensure that the system complies with Federal Information Systems Modernization Act
(FISMA), Federal Information Processing Standard Publication 199 (FIPS 199) and NIST
800-53 rev 5 or latest series/revision.
• Ensure that system-related documentation is archived in accordance with departmental
policies and procedures on records management.
• Provide security testing and evaluation of National Security System, which includes
vulnerability scans and a limited amount of scanning analysis support as required in
support of inclusion into the OCIO system boundary.
• Ensure that the Customer Responsibility Matrix (CRM) listed as part of the Customer
Implementation Summary (CIS) is addressed accordingly.
• Create, review, update change management plan as required
• Create, review, update, change, and test contingency plan as required
• Create, review, update, change, and test incident response plan as required
• Provide demonstrated subject matter expertise in Enterprise Mission Assurance Support
Service (eMASS) performing the following tasks:
o Review security assessments and upload relevant documentation to eMASS
o Manage Plans of Action and Milestones (POA&Ms), including creating POA&M reports and
closure of POA&Ms
o Develop eMASS administration skills, manage user accounts, and provide 1-on-1
training to users
o Generate reports and ensure eMASS compliance.
o Collaborate with stakeholders, including Information System Security Officers
(ISSOs), to update data in eMASS
• Work closely with all relevant stakeholders to complete data calls and gather necessary
information for the development, review, and updating of cybersecurity documentation.
This may involve coordinating with various teams, conducting interviews, and collecting
data from multiple sources.
• Manage SharePoint of client GRC Folders performing the following tasks:
o Maintain and organize the SharePoint folders for the client Cyber Security
Team's Governance, Risk, and Compliance (GRC) documentation.
o Ensure proper access controls and permissions are set for the relevant stakeholders.
o Implement a folder structure and naming conventions that facilitate easy navigation
and retrieval of documents.
o Regularly review and archive outdated or obsolete documents to keep the folders
organized and up-to-date.
Requirements:
• DoD Top Secret personal clearance, with SCI eligibility.
• Possess 3+ years’ experience in Enterprise Mission Assurance Support Service (eMASS).
• 5+ years of Authorization To Operate (ATO) experience.
• CISM or CISSP certification.
• Excellent English language communication skills, both verbal and written.
• Possesses, demonstrates, and relies on experience and judgment to plan and accomplish
goals.