Information System Security Officer (ISSO)

Job Description

Job Description

Evolver Federal is seeking an Information System Security Officer (ISSO) to support its Federal client in Springfield, VA in managing all aspects of security for assigned National Security Systems (NSS) to ensure the data stored, processed, and transmitted by the assigned system(s) is protected in accordance with the appropriate Agency policies and NIST 800-53 security controls.

The successful candidate will have previous experience as an ISSO and Security Control Assessor having documented the full scope of security documentation in support of the NIST 800-37 (Risk Management Framework (RMF). A strong foundation in the understanding of encryption and how encryption is applied to National Security Systems (NSS) is necessary.

Responsibilities

• Assess DHS NSS systems and provide recommendations for mitigating cyber risk.
• Utilize National Security Cyber Division (NSCD)-authorized tools to track compliance activities, approvals, and reporting.
• Create business-focused compliance reports detailing mission impact, asset evaluations, risk recommendations, and mitigation plans.
• Maintain documentation for all NSS compliance activities, including CISO and I&A requests.
• Monitor and review POAMs to ensure timely mitigation and closure.
• Analyze continuous monitoring, configuration management, vulnerability management, asset management, software management and self-reported data to identify risk and work with System Teams to develop a plan to mitigate security risk for assigned system(s).
• Provide analysis and feedback on security artifacts (SSPs, CPs, MOUs, MOAs, ISAs).
  • Provide analysis and feedback on DHS security artifacts when assigned to NSCD, to include but not limited to Memorandum of Understandings (MOU), Memorandum of Agreements (MOA), and Interconnection Security Agreements (ISA).
• Support internal and external audits (e.g., FISMA, GAO, OIG).
  • Provide responses in support of audits related to cybersecurity, including but not limited to FISMA Audits, Internal Control audits of Financial Systems, and external audit requests received from entities such as the General Accountability Office (GAO) or Office of the Inspector General (OIG).
• Compile data to support analysis and reporting in support of cyber risk compliance activities and activities stemming from Cybersecurity Supply Chain Risk Management (CSCRM).
• Create and maintain documentation from all NSS-related compliance activities, to include any incoming Chief Information Security Officer (CISO) and Information and Analysis (I&A) requests for information.
• Perform other duties as assigned by the Government.

Ability to work efficiently and effectively in a dynamic and fast-paced environment.

Basic Qualifications

• 5 years of related experience with Bachelor's degree or 8 years of overall related experience in a relevant field
• 1 year of experience assessing security controls in accordance with NIST 800-53 in/ in support of the Federal Government to include evaluating and validating security controls for NSS systems.
• 3 years of experience as an Information System Security Office (ISSO) in/ in support of the Federal government, developing and maintaining comprehensive System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), and Privacy Threshold Analyses (PIA), and Business Impact Assessments (BIAs). In accordance with NIST guidance.
• 1 year of experience with NIST SP 800-53, 800-37, CNSSI 1253, DHS 4300A/B
• 3 years' experience documenting POA&Ms and managing the entire POA&M lifecycle, from open to closure.
• 3 years' experience executing continuous monitoring activities, including those supporting vulnerability management and configuration management.
• 3 years' experience with government GRC tools such as Archer, IACS, CSAM, etc.
• CISSP or CISA
• Must have Top Secret//SCI clearance and/or ability to obtain clearance prior to start date

Preferred Qualifications

• 2 years of experience assessing security controls in accordance with NIST 800-53 in/ in support of the Federal Government to include evaluating and validating security controls for NSS systems.
• 5 years of experience as an Information System Security Office (ISSO) in/ in support of the Federal government, developing and maintaining comprehensive System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), and Privacy Threshold Analyses (PIA), and Business Impact Assessments (BIAs). In accordance with NIST guidance.
• Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
• Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads.
• Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
• Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
• Possess strong analytical and critical thinking skills with the ability to apply them to the client/ contract workspace.
• Excellent organizational skills and attention to detail.
• Strong analytical, critical thinking, and problem-solving skills.
• Must have previous client-engagement experience.

Evolver is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.

Company Description

Evolver is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.