Information System Security Officer

You've stumbled upon the rare B Corp government contractor! At TCG, we aim to prove that businesses can be good to their employees and responsible to their community while being profitable. We're an award-winning IT solutions provider to the Federal government seeking an Information System Security Officer (ISSO) to join our team.

US Citizenship is required for this role. In addition, the selected applicant must submit to a government background investigation and be favorably adjudicated before their first day.

This position is primarily remote but may require occasional in-person meetings. The selected applicant must live within commuting distance of Washington, D.C.

The ISSO will work with our operational teams and Information System Security Manager (ISSM) to maintain the security posture and ensure the implementation and maintenance of security controls in accordance with security plans and regulations..

RESPONSIBILITIES:

• Prepares critical documentation such as System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrixes (SRTMs), ensuring alignment with NIST standards.
• Implement and maintain security controls in accordance with NIST 800-53.Conduct regular security assessments and vulnerability scans to identify and mitigate risks, adhering to NIST guidelines.
• Monitor security logs and events, identify and report potential security incidents, and utilize NIST incident handling guidelines.
• Providing support for information assurance programs.
• Proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.
• Tracking, reporting, and providing recommendations on Plan of Action & Milestones (POA&M).
• Conducting security impact analyses (SIA) for planned changes and/or deployments.
• Maintaining Federal Information Security Modernization Act (FISMA) inventory records.

REQUIRED EXPERIENCE & SKILLS:

• A minimum of 5 years of experience in an IT Security team, with at least 2 years as an ISSO
• Hands-on experience implementing and monitoring security controls as defined in NIST 800-53, Revision 5.
• Familiarity with security assessment tools and techniques for validating compliance with NIST security controls.
• Knowledge of NIST 800-61, NIST 800-171.
• Experience with SIEM systems and log analysis, correlating events to NIST security controls.
• Working knowledge of security-focused enterprise toolsets such as Fortigate firewalls and related products, Tenable SC/IO/Nessus
• Experience developing customized reports and dashboards
• Demonstrated ability to learn new technologies and skills
• Demonstrated ability to communicate effectively, both orally and in writing
• Ability to work directly with clients at all levels of an organization, including high-level internal and external stakeholders
• Independent problem-solving skills, strong analytical abilities, creativity, and a clear appreciation of end customer needs
• Expertise in IT security implementation and compliance in a Federal government environment
• One to two years of experience working with monitoring tools
• Independent problem-solving skills, strong analytical abilities, creativity, and a "helping others helps us all" personality
• Proficiency with MS Excel, MS Word, and other MS Office applications

PREFERRED EXPERIENCE & SKILLS:

• Certifications such as CISSP, CISM, or equivalent.
• Experience working in a government or regulated environment.
• Knowledge of FedRAMP and its relationship to NIST publications.
• Experience with Atlassian tools, including Jira
• Experience with information gathering and information monitoring, working knowledge of Risk Management Framework (RMF), National Institute of Standards and Technology Special Publications (NIST SP 800-53)
• Working knowledge of web security best practices
• Programming/development experience with Python or comparable language
• Ability to create system documentation for ongoing system management

EDUCATION:

• Bachelor's degree is preferred. Ideally in Computer Science, Information Technology, or a related field. Experience may be substituted in the absence of a degree

TCG does not discriminate based on race, sex, color, religion, national origin, age, disability, caste, or veteran status.

Our B Corp mission is reflected in our benefits, including offerings like health care, 401K, parental leave, adoption assistance, financial planning services, student loan repayment assistance, and training budget. There's more, see for yourself.

TCG is recognized for treating employees well, in fact, in 2024 The Washington Post named TCG as a "Top Workplace" for the tenth straight year based on how our employees feel about the company, the benefits TCG offers, and the work/life balance that our staff achieves. Our CEO was ranked best, by TCG employees' votes, among all midsize companies in the Washington Post Top Workplace survey.

Try us ... we'll make you happy.

Internal title/grade: System Engineer, E2
Salary Range: $95,000 -$115,000