What are the responsibilities and job description for the Information System Support Officer (ISSO) position at Gunnison Consulting Group?
Location: Primarily remote with availability for on-site meetings as required.
Responsible for maintaining the appropriate operational security posture for the Court’s information systems. The ISSO works in close collaboration with the Information System owner, Information System Security Manager (SSM), and management official to ensure a proper security posture is in place.
Key Responsibilities:
Security Assessment & Monitoring:
- Conduct regular security assessments and audits of information systems to identify and mitigate vulnerabilities.
- Monitor system activity for security incidents and anomalies.
- Analyze security logs and identify suspicious activity.
- Implement and maintain security controls, such as firewalls, intrusion detection systems, and antivirus software.
Security Policy & Compliance:
- Develop, implement, and maintain security policies, procedures, and standards for information systems.
- Ensure compliance with relevant security regulations and standards (e.g., NIST, ISO 27001, HIPAA).
- Provide guidance and training to users on security policies and procedures.
Risk Management:
- Conduct risk assessments to identify and evaluate potential threats and vulnerabilities.
- Develop and implement risk mitigation strategies.
- Maintain and update risk assessments on an ongoing basis.
Incident Response:
- Develop and maintain incident response plans.
- Investigate security incidents, collect and analyze evidence, and assist in the remediation process.
- Coordinate incident response activities with other relevant personnel (e.g., IT staff, legal counsel).
Communication & Collaboration:
- Communicate security issues and concerns to management and stakeholders.
- Collaborate with other ISSOs and security professionals to share best practices and lessons learned.
- Maintain effective communication with system owners and users.
- Minimum of 7 years of experience in an ISSO or equivalent role or a related cybersecurity field.
- Experience with security tools and technologies such as firewalls, Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Endpoint Detection & Response (EDR), Zero Trust Security (ZTS), Data Loss Prevention (DLP), Security Information & Event Management (SIEM), vulnerability solutions & penetration testing.
- Experience with incident response and security investigations.
- Experience with risk management and compliance frameworks.
- Strong understanding of cybersecurity principles and best practices: Familiarity with common attack vectors, security frameworks, and regulatory compliance requirements.
- Knowledge of information systems and technologies: Understanding of operating systems, databases, networks, and other IT infrastructure components.
- Risk management and assessment skills: Ability to identify, assess, and mitigate security risks.
- Analytical and problem-solving skills: Ability to analyze security issues, identify root causes, and develop effective solutions.
- Excellent communication and interpersonal skills: Ability to communicate technical information clearly and concisely to both technical and non-technical audiences.
- Strong attention to detail and organizational skills: Ability to manage multiple tasks, prioritize effectively, and work independently.
Desired Qualifications:
- CompTIA Security+: A foundational certification demonstrating a broad understanding of cybersecurity concepts and principles.
- Certified Information Systems Security Professional (CISSP): A globally recognized certification for information security professionals.
- GIAC certifications: A range of certifications offered by the GIAC (Global Information Assurance Certification) organization covering specific areas of cybersecurity (e.g., GCIH, GPEN, GCIA).
- Relevant industry-specific certifications: For example, certifications related to specific technologies or regulatory compliance requirements.
Clearance Requirement: Ability to obtain and maintain a Public Trust.
The salary range for this position depends upon multiple factors including location, the individual's knowledge, skills, competencies, and experience, and contract-specific budget constraints and organizational requirements.
Gunnison Consulting Group's total compensation package also includes bonus and profit-sharing opportunities, depending on company and employee performance. Available employee benefits include:
- 3 weeks of Personal Leave your first year
- 11 paid Holidays each year
- 5 days of Flexible Time Off each year
- 401(k) company match at 50% up to 10% of your salary
- Medical, Dental and Vision Insurance
- Life and Disability Insurance
- Public Transportation Subsidies
- Certifications and Training Allowance - $2,500/year!
Why Join Gunnison?
- Gunnison takes on ambitious projects. We target fun, challenging work that requires creative thinking and innovation.
- Quality is our top priority.
- Gunnison employee benefits meet or exceed what other companies in the Washington, D.C. metropolitan area offer.
- There is a great sense of camaraderie at Gunnison. This is an atmosphere we will maintain as we continue to grow.
- We are growing rapidly and the opportunity for individual professional growth with Gunnison is outstanding.
- We hire for careers at Gunnison, not to fill a position.
Equal Opportunity/Affirmative Action Employer. Must be eligible for employment in the United States. We are unable to sponsor candidates at this time.
In 1994 Gunnison Consulting Group began serving the greater Washington, D.C. metro area, focused on tackling our customers' most ambitious technology projects. By creating a culture dedicated to enabling our customers and employees to achieve more than they ever thought they could, the company has thrived for over 25 years.
Salary : $2,500