Posted by: TiSTA Science and Technology on Sep 24, 2020


Location:

Bethesda, MD

Job Description:

Overview

TISTA is seeking a Senior Information Systems Security Officer (ISSO) / Information Security Engineer (ISE) to join their team in Washington, DC.

The Information Systems Security Officer will provide Security Assessment and Authorization (SA&A) support to the client and their IT systems within the agency's inventory. These systems are a combination of General Support Systems, Major Applications, Minor Applications and Subsystems at various impact levels. The ISSO/ISE will be responsible for developing and providing risk assessments, Security Control Assessments (SCA), SA&A documentation and multiple reports, based on NIST guidelines and the client's policies, procedures, and requests. The ISSO/ISE will be responsible for providing security recommendations on any system changes or new technologies, analyzing vulnerability scans, conducting continuous monitoring activities, and offering mitigation recommendations for any risks or threats.

This project supports a large Federal health-care agency that is implementing a risk-based approach to cybersecurity that creates unity of effort across 20+ cybersecurity projects that are currently separate. One of the key challenges is defining an effective cybersecurity approach that works enterprise-wide, implementing multiple new cybersecurity tools, and driving the adoption of best practices and data-driven processes across the stakeholder groups. The overall approach must continue to support the organization even as it adopts new technologies - like Cloud, High Performance Computing, and Machine Learning - to support its health-care research mission.

The Information System Security Officer will use a consultative approach and a deep understanding of current technology and cybersecurity to analyze and consolidate technical requirements, develop data-driven dashboards that meet those requirements, and work collaboratively across various stakeholder groups to drive adoption. With knowledge of data visualization and analysis, the Senior Information System Security Officer will improve the quality of data for decision making, assist in dashboarding, develop routines to automate and consolidate data collection from data calls, correlate metrics using ServiceNow and routine reporting, and identify and track useful metrics. The Information System Security Officer will also develop and conduct training sessions, capturing and incorporating feedback to improve the quality of provided products over time. This person must be resourceful, detail-oriented, 100% client-focused, and possess a continuing passion for their profession.

Responsibilities
Demonstrates proficiency developing, maintaining and managing Security Authorizations and Assessments packages.
Experience developing and managing Plans of Action & Milestones (POA&M's).
Experience conducting research and providing review recommendations on software and technologies to address vulnerabilities.
Experience reviewing vulnerability scans and providing mitigation techniques.
Possess expertise conducting annual security control assessments.
Experienced writing security-related policies and procedures.
Possess experience conducting Contingency Plan testing.
Experience conducting audit log reviews.
Familiarity with NIST Special Publications and guidance.
Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.


Qualifications
A minimum of ten (10) years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field.
Experience with leading and directing the work of others.
Demonstrates proficiency with developing, maintaining and managing Security Authorizations and Assessments packages.
Knowledge of standard concepts, practices, and procedures within program management.
Experience with developing and managing Plans of Action & Milestones (POA&M's).
A holistic understanding and knowledge of the Risk Management Framework (RMF) as defined by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 (current revision), Recommended Security Controls for Federal Information Systems and NIST SP 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information Systems.
Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
Excellent documentation skills - redacted samples may be requested.
Excellent oral and written communication skills.


Education:
Bachelor's degree or higher in Computer Science, Information Technology, Information Security, or similar fields. At least one (1) certification relating to information security must be active, such as: Certified Information Systems Security Professional (CISSP); GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC, etc.); CompTIA Security+; CEH.
Location:
Bethesda, MD
Clearance:
Public Trust

Pay Rate:

Unspecified

HR Website URL:

https://careers-tistatech.icims.com/jobs/search


About TISTA Science & Technology Corporation

TISTA Science and Technology Corporation, a CMMI Maturity Level 3 company, focuses on delivering information technology (IT) and professional services to Federal and State agencies. TISTA is an Inc. 500 company, a recipient of the 2010 Top 100 Service-Disabled Veteran-Owned Businesses from Diversity Business, recognized in Washington Technology’s FAST 50 list of the fastest growing small businesses in government contracting in 2012 & 2013, recognized as one of the Top 25 Fastest Growing Small Technology companies by the Washington Business Journal in 2014 & 2015, and selected as the Veteran Owned Company of the Year in 2014 by the Montgomery County MD Dept. of Economic Development. We offer expertise in cyber security, software and database development, engineering support, network and critical infrastructure protection, IT operations and maintenance, information assurance, identity and access management, certification & accreditation, enterprise security, disaster recovery planning, continuity of operations (COOP), risk management, IT architecture, IT Security Training Services and Program Management.
