What are the responsibilities and job description for the Information System Security Officer (ISSO) position at Base One Technology?
Our Springfield, VA based client is looking for an Information System Security Officer (ISSO). If you are qualified for this position, please email your updated resume in Word format to lli@base-one.com

Required Education / Experience
- Bachelor's degree in Computer Science, IT, or an Information / Cyber Security field from an accredited college or university

Primary Responsibilities
- Manage overall security-related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles.
- Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, and other relevant security documentation for existing and new systems
- Conduct both technical and non-technical internal audits and testing to validate compliance with system and operational requirements
- Use workflows to develop security artifacts
- Document, organize and implement security control requirements
- Identify current and new risks
- Prepare vulnerability test plans and coordinate the testing and result procedures
- Assess customer-based solutions and provide recommendations for any improvements to current security posture
- Ability to review and write security-related policies and procedures

Basic Qualifications
- Must have an active DoD Secret Clearance. In addition to the specific clearance requirement, all personnel supporting CBP must have a current background investigation (BI) or obtain a favorable BI before joining the program.
- Minimum of 5 years of experience as an ISSO supporting major federal information systems / applications
- Knowledge of auditing security controls and financial processes
- Superior writing, communication and critical analysis skills
- Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures
- Advanced experience / knowledge with the following:
  - NIST SP 800-37 Risk Management Framework security assessment and authorization (A&A) processes
  - NIST 800-53 security controls and required documentation
  - Security controls (i.e. NIST SP 800-53, FISCAM, etc.) assessments in support of FISMA, A-123 and annual self-assessment initiatives
  - Federal Risk and Authorization Management Program (FedRAMP) for authorization of cloud services
  - Enterprise Logging System to conduct regular reviews of audit logs (operating system, application, database, etc.) for security anomalies and compliance with applicable policies and procedures
  - POA&M Management and Risk Management Framework (RMF)
  - Reviewing operating system, application, and database security baseline configuration documentation to ensure compliance with agency hardening guidelines
  - Reviewing proposed change requests related to system design / configuration and performing a security impact analysis to provide approval or denial recommendations
  - Reviewing vulnerability scan results

Required Certifications
- CompTIA Security

Preferred Qualifications
- ISC2 Certified Cloud Security Professional certification (CCSP)
- Familiar with IT system administration / engineering