Information System Security Officer (ISSO)

Our client, a prestigious Federal contractor, is seeking an Information System Security Officer (ISSO) and / or Alternate Information System Security Officer (AISSO) for one or more major federal IT information systems as a member of the customer directorate-s Security Team. Overall, you will be responsible for utilizing the NIST Risk Management Framework (RMF) and related Continuous Monitoring activities to maximize the security of their assigned system(s) and ensure compliance with Federal Information Security Management Act (FISMA) requirements and customer policies and processes.

Responsibilities

• Participate in program planning, prepare Authority to Test (ATT) and Significant Change (SC) documentation, and push these initiatives to completion.
• Review Nessus, WebInspect, and DBProtect security scans, communicate vulnerabilities to technical stakeholders, and track them to remediation.
• Proactively report security status and concerns to management and make recommendations as appropriate.
• Assist directorate with yearly audit responses and security-related data calls to upper management and DHS OCIO.
• Develop and update standard government security documentation such as System Security Plans, Contingency Plans, Interconnection Security Agreements, Risk Acceptances / Waivers, Privacy Threshold Analyses, Privacy Impact Assessments, Interconnection Security Agreements, waiver requests, and other ad-hoc documentation as needed.
• Review and approve / deny relevant system Change Requests as needed.
• Perform system audit log reviews in accordance with established policy requirements using Security Information and Event Management (SIEM) tools such as Splunk, Kibana, etc.

Required Skills