25-1046: Information Security Systems Officer (ISSO)

• Work with the System Owner and Director of IT Security to categorize systems, assess security controls, and document results.
• Assist in the annual re-assessment of Common Controls, ensuring compliance with DOJ policies.
• Ensure systems are accredited following the customer process to obtain Authority to Test (ATT), Authority to Operate (ATO), or Ongoing Authorization (OA).
• Develop and maintain security documentation, including System Security Plans (SSP), Security Assessment Plans/Reports (SAP/SAR), POA&Ms, and security authorization memorandums in CSAM.
• Conduct security control assessments, both manual and automated, and provide findings on control gaps, risk levels, and impacts.
• Establish and maintain audit trails, ensuring regular log reviews and compliance with DOJ/OIG policies.
• Monitor and execute operations and maintenance of information systems, including secure system disposal.
• Support the development of Privacy Impact Assessments (PIA), Interconnection Security Agreements, Risk Assessments, Configuration Management Plans, and Incident Response Plans.
• Conduct vulnerability scans, review security reports, and implement remediation strategies.
• Assist in continuous monitoring activities, aligning with DOJ’s Ongoing Authorization (OA) process and using DOJ’s GRC tools.
• Ensure all security assessment and audit reports are properly uploaded in CSAM.
• Participate in configuration management processes, policy audits, and system log reviews.
• Provide technical guidance and compliance oversight in alignment with FISMA, RMF, and NIST frameworks.

• Minimum 5 years of experience as an ISSO.
• Bachelor’s degree in Information Technology, Computer Science, Engineering, or a related field from a U.S. Department of Education-accredited university (or equivalent experience).
• Security or equivalent/higher-level certification (current).
• Strong understanding of Information Security Policies and Procedures.
• Expertise in Risk Management Framework (RMF), Security Controls, Incident Response, Security Auditing, and Regulatory Compliance.
• Familiarity with FISMA, NIST SP 800-53 controls, and DOJ security policies.
• Proficiency in security tools, risk assessments, and vulnerability management.

• Knowledge of Security Incident Analysis and Forensics.
• Experience with Software Development Lifecycle (SDLC) security practices.
• Strong policy and memo writing skills.
• Effective problem-solving, time management, conflict resolution, and teamwork skills.
• Hands-on experience with CSAM, GRC tools, and automated security scanning tools.
• Ability to lead security compliance efforts across multiple systems.

Equal Employer/Veterans/Disabled

Navitas Business Consulting is an affirmative action and equal opportunity employer. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Navitas Human Resources.

Navitas is an equal opportunity employer. We provide employment and opportunities for advancement, compensation, training, and growth according to individual merit, without regard to race, color, religion, sex (including pregnancy), national origin, sexual orientation, gender identity or expression, marital status, age, genetic information, disability, veteran-status veteran or military status, or any other characteristic protected under applicable Federal, state, or local law. Our goal is for each staff member to have the opportunity to grow to the limits of their abilities and to achieve personal and organizational objectives. We will support positive programs for equal treatment of all staff and full utilization of all qualified employees at all levels within Navitas.

Powered by JazzHR

HTTsUV3ik8