What are the responsibilities and job description for the ISSO – Information System Security Officer - Lead position at ECS Federal, LLC?
ECS is seeking an ISSO – Information System Security Officer - Lead to work in our Suitland, MD office.
The duties of the candidate will include the following:
- Lead a team of ISSOs at a government agency, ensuring that they perform professionally and in accordance with established quality standards.
- Serve as the primary Information System Security Officer (ISSO) for designated systems, ensuring compliance with applicable laws, regulations, and policies, including NIST publications, FISMA, and applicable government security directives.
- Implement and enforce security policies, procedures, and controls as outlined in the system security plan (SSP).
- Conduct regular security assessments and vulnerability scans to identify and mitigate potential risks.
- Develop, review, and update security documentation, including system security plans, risk assessments, etc.
- Update implementation descriptions of security safeguards in agency's Governance Risk and Compliance (GRC) tool and ensure that all required artifacts corresponding to the different stages of the Risk Management Framework (RMF) are in order and uploaded.
- Respond to security incidents and breaches, conduct thorough investigations and implement corrective actions.
- Provide security awareness training to system users.
- Collaborate with other IT and security personnel to ensure the overall security posture of the organization.
- Stay abreast of emerging threats and vulnerabilities and recommend appropriate security measures.
- Participate in security audits and reviews.
- Provide guidance and support to other ISSOs and security personnel.
- Conduct security analysis of reference models, segment and solution architectures, and the resulting systems supporting missions and business processes.
- Provide support to ISSOs responsible for implementing and maintaining security in Agency systems.
- Serve as primary liaison between the Office of Information Security (OIS), Information System Owner (SO), Common Control Providers, and Information Owner for coordination and dissemination of information on technical security and risk-related matters.
- Verify applications and support systems meet information security policies, including continuous vulnerability scans, patch management, and configuration management.
- Ensure compliance with requirements concerning the use of commercial and open-source software through the Standards Working Group (SWG).
- Assist with reporting and investigating information security incidents to the Security Operations Center (SOC) and gather pertinent information or provide requested services in support of incident handling.
- Identify the security categorization and control selection of the information system to determine the potential adverse impact in the event of a security breach, following the established methodology for these activities as stipulated in internal ISSO guides and other RMF policies and methodologies.
- Perform real-time monitoring of assigned information systems through dashboarding capabilities to support continuous monitoring.
- Regularly review the security posture and prepare a status-update Security Posture Report, adjusting its metrics as issues are identified.
- Coordinate with stakeholders to document and implement common controls and facilitate discussions with Program Areas to maintain and expand common control providers, as needed.
- Coordinate Privacy Threshold Assessments (PTAs) and Privacy Impact Assessments (PIAs).
- Review tiered information security reports for the information system and participate in briefings with the system owner, Chief Information Security Officer (CISO), and Authorizing Officials, including the Chief Information Officer (CIO).
Salary Range: $138,000 - $149,000
General Description of Benefits
Requirements:
- Bachelor's degree or higher.
- 7-10 years of experience in Cybersecurity Assurance/ISSO Support.
- Certifications addressing security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, information systems audit process, IT governance and management, information systems acquisition, development, implementation, operations, maintenance, and service management, protection of information assets, and information security governance.
- Certified Information Systems Security Professional (CISSP) certification OR Certified in Governance Risk and Compliance (CGRC).
- Active Secret Clearance (Interim acceptable).
Req Benefits:
https://ecstech.com/careers/benefits/
Pay Transparency: In order to support the Fair Compensation Strategy by the US Govt., HR Dept., clients are required to adhere to the "Pay Transparency Law" in the impacted states, which have mandated that employers list salary ranges in job advertisements or postings for job opportunities and job promotions.
Salary: $138,000 - $149,000