Information Systems Security Officer (ISSO)

At phia, we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.

We are looking for a Cybersecurity Risk Expert (ISSO) to support a large enterprise Cyber Risk Management team to design and administer procedures in the organization that sustains the security of the organization’s data and access to its technology and communications systems.

This job is located in Merrifield, VA, with some remote capability during the pandemic at the discretion of the customer. Preferred candidates will live within a commutable distance to Fall Church, Virginia

What You'll Do

• Support the execution of product cybersecurity elements across global programs and services.
• Will work with multiple security, IT and engineering leadership/stakeholders and a variety of security, IT and engineering technical resources to identify and plan physical and cybersecurity work to meet/exceed corporate initiatives.
• Follow and develop procedures to assist in the vulnerability scans and/or implementation of security measures and controls
• Provide security analysis process by applying security principles, methods (e.g., risk assessment, systems security planning, disaster recovery planning) and tools
• Review systems to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes, and document upgrades.
• Identify organization risks, prioritize those risks, and maintain a risk registry for escalating.
• Execute business impact assessments and system security reviews using a formal C&A structure.
• Assess external cybersecurity risks to an organization either through customer or supplier interaction
• Follow and determine audit policy and reporting mechanisms for ensuring compliance with IA/IS standards by keeping current with IA/IS requirements.
• Develop risk management by creating plans, procedures, protocols, and evaluation measures and ensuring there are desired levels of enterprise-wide IA/IS.

Requirements

Education + Experience

• A Bachelor's Degree in Computer Science, Engineering, similar technical discipline or equivalent experience
• 10 + years experience
• Ability to actively lead and manage project update briefings, working sessions and stakeholder meetings
• Familiarity and experience with risk quantification practices and techniques
• Ability to work independently without direct supervision
• Ability and proven experience to manage a Risk Management program
• Experience with systems engineering discipline
• Strong analytical/assessment capability (e.g., conducting cybersecurity gap analyses, risk assessments)
• Experience providing regulatory and organizational performance reports; communicating system status and user behavior analytics to include Plans of Actions and Milestones (POA&Ms)
• Ability to understand and learn the technical specifications, system requirements and other application design information as needed to meet customer mandates.

Certifications

• Possesses a current active industry standard certificate in the information security/assurance field: e.g. Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Authorization Professional (CAP)

Security Clearance Requirements

• U.S. Citizenship required
• Ability to obtain Public Trust (or higher) government clearance

Who You Are

• A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
• Intellectually curious with a genuine desire to learn and advance your career.
• An effective communicator, both verbally and in writing.
• Customer service-oriented and mission-focused.
• Critical thinker with excellent problem-solving skills.

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

MPORTANT: This position may be subject to Executive Order 14042 and the Safer Federal Workforce Task Force Guidance requiring covered employees to be fully vaccinated against COVID-19, which the Federal Government is not enforcing at this time.

Benefits

Who We Are

phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time employees:

• Comprehensive medical insurance to include dental and vision
• Short Term & Long-Term Disability
• 401k Retirement Savings Plan with Company Match
• Tuition and Professional Development Assistance
• Flex Spending Accounts (FSA)

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.