Information System Security Officer (ISSO)

Herndon, Virginia, United States

Applications have closed

CCRi

CCRi takes on technically challenging projects that give our clients the informational leverage they need to attain new levels of speed, accuracy, and productivity.


CCRi is seeking an Information System Security Officer (ISSO). The selected candidate will serve as an ISSO for a major Federal IT application and information system. The individual will be responsible for conducting structured security assessment and authorization activities. As a member of the Security Team, the candidate will review the technical, management and operational security controls in accordance with the National Institute of Standards and Technology (NIST) to ensure the completeness and effectiveness of the IT system's information technology and security solutions within SNOW. The candidate must be well-versed in ICD 503, NIST 800-53, CNSSI 1253 and the RMF process.

Position Responsibilities

  • Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards
  • Develop documents such as System Security Plans (SSP), SCTM, RAR, ConMon Plan, Security Assessment Plans, Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), Risk Acceptance Letters (RAL), Product Definition and User’s Guides (PUG), General User’s Guides (GUG), and other required RMF-related documents. Ensure that the documents are completed in a timely manner and accurately reflect the system environment, to allow for Assessment and Authorization (A&A).
  • Ensure that Assessment and Authorization (A&A) documents, Plan of Action and Milestones (POA&M) and artifacts are maintained and updated in accordance with customer policy and procedures.
  • Manage A&A processes using Xacta, Archer, SNOW, eMASS etc.
  • Participate in the CBP change, configuration, and release management processes to ensure an appropriate security level is maintained in the system's life cycle.
  • Ensure that the ISSM is apprised of all pertinent security systems issues.
  • Oversee configuration management of assigned systems; auditing systems to ensure security posture integrity.
  • Assess the impacts on system modifications and technological advances.
  • Provide assessments and test/analysis data to document state of compliance with security requirements.
  • Conduct risk assessments and investigations, execute appropriate risk mitigations, and execute incident response activities
  • Conduct periodic hardware/software inventory assessments
  • Interface with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements
  • Be able to prepare a complete Assessment and Authorization (A&A) package leading to approval of a system Authorization to Operate (ATO).

Requirements

Basic Qualifications (Required Skills/Experience):

  • Current IAM Level 1 DoD 8140.01 (previously 8570.01) compliant certification (i.e. CAP, CND, Cloud+, HCISPP, Security+ CE, CISSP, GSLC, CCISO or CISM)
  • 3+ years of experience with cyber security policies and implementation of Risk Management Framework (RMF): e.g. DAAPM, CNSSI 1253, ICD-503, JSIG, or NIST SP 800 series
  • 3+ years of experience in assessing and documenting test or analysis data to show cybersecurity compliance
  • 1+ years of experience in utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include: NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS

Preferred Qualifications (Desired Skills/Experience):

  • Bachelor's degree or equivalent work or military experience
  • Experience with RMF A&A applications such as XACTA, SNOW, eMASS
  • Currently hold certification in good standing to satisfy IAM Level III (CISSP, GSLC, CCISO or CISM)
  • 1+ years of experience as an information system security officer (ISSO) or information system security manager (ISSM) supporting classified programs
  • Demonstrated experience leading audits conducted by external stakeholders
  • Thorough understanding of network devices, TCP/IP and related Internet protocols.
  • Experience in one or more of the following fields: Information Systems Security, Information Technology, Database Management

  • US Citizenship is required.

  • Clearance: Active TS: If you do NOT have the required clearance you will be automatically rejected. (A U.S. Security Clearance that has been active in the past 24 months is considered active)

Benefits

The Company:

CCRi is a small engineering firm located in Charlottesville, Virginia. We develop and deploy novel machine-learning approaches to real problems at massive scale. Since 1992, we’ve been stopping bombs, predicting piracy, and guiding disaster relief.

  • Casual Work Environment
  • Intellectually Challenging Work
  • Health Insurance
  • Short Term Disability Insurance
  • Generous Defined Benefit Retirement
  • Very Flexible Vacation Policy
  • Want to know more? Check out our recruitment video: https://www.youtube.com/watch?v=W_b2EY1tlRM

The job description above is not intended to be a comprehensive list. Responsibilities, activities, duties, and/or tasks may change or be assigned at any time.

CCRi is committed to a diverse and inclusive workforce because we know that our differences benefit our employees, our customers, and our community. We are proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, color, religion, age, sex, sexual orientation, gender identity, national origin, status as an individual with a disability, status as a protected veteran, or any other applicable legally protected characteristics.

Tags: Audits CISM CISSP Clearance Cloud Compliance DAAPM DoD DoDD 8140 DoDD 8570 GSLC IAM ICD 503 Incident response Nessus NIST Risk Assessment Report Risk management SCAP SCTM Security analysis Security assessment Security Clearance System Security Plan TCP/IP Vulnerabilities

Perks/benefits: Career development Flex vacation Health care Insurance

Region: North America
Country: United States
Category: Leadership Jobs
