What are the responsibilities and job description for the Information Systems Security Officers :: Washington, DC position at Ark Solutions?
Ark Solutions Inc is looking for Information Systems Security Officers!
Position : Information Systems Security Officers
Location : Washington, DC (Hybrid)
Duration : 36 Months and possibility of extension
Description :
Day-to-day Responsibilities :
Serve as the principal advisor to the information system owner (SO), ISSM, CISO on all matters (technical and otherwise) involving the security of assigned information systems.
Maintain detailed knowledge and expertise required to manage the security aspects of assigned information systems.
Ensure that the appropriate operational cybersecurity posture is maintained for assigned CAO systems to provide confidentiality, integrity, and availability of information systems. For each system assigned to an ISSO, the ISSO will be responsible to complete and keep updated the following security documentation :
Security Impact Analysis
Information Sensitivity Security Assessment
System Security Plan (SSP)
Plan of Action and Milestones (POA&M)
Information Technology Risk Acceptances
Configuration Management Plan
Supply Chain Risk Management Plan
Interconnection Security Agreements
Memorandums of Understanding
Information Data Exchange Agreements
Vulnerability Reports
Authorization Letters
Develop, update, and maintain the SSP for assigned systems.
Participate in planning and management of all phases of the House Risk Management Framework (RMF) Security Assessment and Authorization (SAA) process.
Advise system owners on all matters, technical and otherwise, involving the security of assigned IT systems.
In coordination with SO team, develop standard operating procedures in accordance with security control requirements.
Perform continuous monitoring of implemented security controls to ensure that they are implemented correctly, operating as intended and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems. Conduct continuous monitoring activities, to include : Maintenance of current ATO
o Ensuring proper sanitization of media prior to disposal
o Conducting log reviews
o Conducting periodic scans
o Conducting periodic system self-assessments
Work with technical teams to mitigate security control deficiencies and scan vulnerabilities for assigned IT systems.
Assess the cybersecurity impact of changes to assigned IT systems and document findings in a security impact analysis (SIA) report.
Conduct self-assessments of security controls, identify weaknesses and track remediation activities in POA&M.
Manage the plan of action and milestone (POA&M) process for designated IT systems to provide timely detection, identification and alerting of non-compliance issues. In coordination with System Owner staff, create POA&Ms or remediation plans for vulnerabilities identified during risk assessments, audits, inspections, etc.
Provide the required system access, information, and documentation to security assessment and audit teams.
Participate in security assessments and audits for assigned systems and facilitate evidence and / or data collection for data requests related to assigned systems.
Complete required A&A activities on assigned IT systems.
Brief senior management and ISSM on the security status of assigned authorization boundaries.
Perform other duties as assigned.
Required Skills :
Five (5) or more years of demonstrated experience performing systems security assessments, preparing system security documentation, and / or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful security authorization of such systems.
Strong working knowledge and familiarity with NIST publications and privacy frameworks.
Demonstrated understanding of cloud service models, hybrid models, financial applications, and mobile security technologies and tools.
Demonstrated experience supporting an industry risk management tool executing A&A activities.
Bachelor's degree in computer science, information technology, cybersecurity, or a related technical discipline required.
Current and maintained certification in one or more of the following IT Security disciplines : Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) or equivalent certification required.
Preferred Skills :
Splunk Engineer experience
Education :
Bachelor's degree in computer science, information technology, cybersecurity, or a related technical discipline required
Keep a pulse on the job market with advanced job matching technology.
If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution.
Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right.
Surveys & Data Sets
What is the career path for a Information Systems Security Officers :: Washington, DC?
Sign up to receive alerts about other jobs on the Information Systems Security Officers :: Washington, DC career path by checking the boxes next to the positions that interest you.
Not the job you're looking for? Here are some other Information Systems Security Officers :: Washington, DC jobs in the Washington, DC area that may be a better fit.
We don't have any other Information Systems Security Officers :: Washington, DC jobs in the Washington, DC area right now.
