ISSO
Arena Technical Resources, LLC (MacDill AFB, FL)
Job ID: ATR 17767
Job Description
Job Title: ISSO
Eligibility: Candidate must possess an active TS/SCI clearance
Job Description:
- Develop and coordinate all associated authorization documentation,
including the Systems Categorization, Systems Security Plan, and Systems
risk assessment
- Support the control assessment, reporting and monitoring processes
using the Cyber Security and Assessment Management (CSAM) system
- Assist the component with staying on track with Core Controls and
A-123 control assessment schedules
- Work with components to ensure each Risk Based Decision (RBD) has
a current waiver.
- Coordinate with CSS Customer Liaison support, including status of
the process and POA&Ms.
- Support and document security controls tests, assist in remediation
and ensure that POA&Ms are being appropriately managed.
- Develop or update the Business Continuity and Contingency Plan for
the component.
- Assist the components with decisions that affect security of their
systems and networks.
- Facilitate preparations for the tri-annual Security Assessment and
Authorization (SA&A) of the component's Information System.
- Conduct assessments of information systems security requirements,
evaluate current security posture and recommend priorities for
remediation.
- Review information system infrastructure and application
architecture to assess security requirements
- Review existing SA&A documentation, Security Assessment Report and
security infrastructure (i.e. IDS, firewalls, vulnerability scan
tools, etc.)
- Assess NIST 800-53, Rev. 4 controls and document results
- Evaluate and strengthen standard SA&A Documentation
- Perform and document risk assessments, analyzing security
vulnerabilities, and the metrics to measure the risks associated
with those vulnerabilities;
- Based on the risk profile of the analyzed systems, development and
documentation of a Plan of Action and Milestones (POA&M) for
mitigating those risks;
- Design and development of comprehensive Systems Security Plan,
covering at a high level the infrastructure, policies and procedures
which define the systems security profile for the analyzed systems;
- Development of Systems Security Users Guides specific to selected
networks, desktop computers, servers and database systems;
- Design, development, and validation of System Test and Evaluation
(ST&E) reviews for new and/or legacy systems.
- Review and conduct NIST-based Self Assessments, identifying any
weaknesses which need to be addressed, and developing a POA&M for
each of those weaknesses based on industry best practices.
- Design and development of Initial Privacy Assessments (IPAs) and
Privacy Impact Assessments (PIAs) for each major Federal Government
IT System
- Developing and conducting System Test and Evaluations (ST&Es) and
Independent Verification and Validation (IV&Vs) of the security
profiles of Federal Government IT Systems
- Conduct OMB A-123 security assessments of Federal Government IT
Systems.
Required Skills
• Bachelor's Degree in Computer Science or related technical discipline,
or the equivalent combination of education, technical certifications or
training, and work experience
• 8+ years' experience performing systems security assessments,
preparing system security documentation, and/or performing security
upgrades for live networks, desktop systems, servers, and enterprise
data bases leading to successful certification and accreditation or
security authorization of such systems.
• 8+ years' experience assessing and enhancing IT systems security
policies and procedures in response to the regulatory requirements
associated with Federal and International standards.
• 8+ years IT Security experience with extensive knowledge in security
regulations and security assessments having developed numerous security
C&A (or SA&A) and ATO on a range of systems including classified systems
• Strong working knowledge of NIST Special Publications and the NIST
SP 800-37 SA using the CSAM system
• TS/SCI clearance required and eligibility to obtain/maintain a CI Poly
• Current certification in one or more of the following IT Security
disciplines:
o ISACA - Certified Information Systems Auditor (CISA)
o ISACA - Certified in Risk and Information Systems Control (CRISC)
o ISACA - Certified Information Security Manager (CISM)
o ISACA - Certified in Governance of Enterprise IT (CGEIT)
o (ISC)2 - Certified Information Systems Security Professional (CISSP)
o (ISC)2 - Certified Authorization Professional (CAP)
US Citizenship Required