Lead Information System Security Officer (ISSO)

At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
phia is seeking a Lead Information System Security Officer (ISSO) who will be dedicated to leading a team of ISSO and Security Analysts performing cyber risk management, security control analysis, continuous monitoring, and cybersecurity compliance services for a large federal agency. This will be a hybrid role reporting on-site with some capability to telework. The qualified individual will ideally be located in the Lakewood, CO area (Denver metro area) or Washington, DC / Reston, VA area (DC/MD/VA metro area). While this opportunity is contingent upon contract award, that doesn’t mean we can’t start a conversation now! 

What You'll Do

• Provide senior-level ISSO expertise and lead ISSO activities for a large, diverse enterprise with multiple security boundaries including both on-prem and FedRAMP cloud-hosted applications and services.
• Advise on Federal, departmental, and security regulations for functional and technical requirements.
• Prepare and update reports to ensure Federal Information Security Modernization Act (FISMA) and CPIC compliance.
• Collaborate with IT Program Managers to evaluate security requirements including architecture, hardware, software, telecommunications, and vulnerabilities.
• Manage security controls to ensure confidentiality, integrity, and availability of information.
• Integrate security into system development and define specifications.
• Review and improve system procurement requests for security considerations.
•  Implement security controls for Sensitive but Unclassified (SBU) information protections using authentication techniques, encryption, firewalls, and access controls.
• Conduct self-assessments and support the A&A process.
• Update System Security Plans (SSP) and document procedures.
• Serve as a key advisor on risk assessments and vulnerability mitigation.
• Maintain security controls through Continuous Monitoring practices.
• Update agency computing device inventory.
• Assist the System Owner in the development, testing, and maintenance of contingency plans, backup, and storage procedures.
• Document all procedures according to departmental standards.
• Monitor application, system, and security logs for threats and support incident response.
• Coordinate incident response for System Owners and agency ISSMs.
• Manage vulnerability scanning and patch management processes for all unit systems in alignment with the Continuous Monitoring plan/strategy.
• Support the security awareness, training, and education programs.
• Assist the ISSM in security-related duties.
• Perform technical controls assessments and application support.
• Review and produce vulnerability outputs and plans. 
• Support risk analysis and approval processes for deviation/exemption requests related to agency-wide policies, including Web Filtering, SSL Inspection, Data Loss Prevention (DLP), and IT Configuration Management and adherence to DOD STIGS and DOI STIGS for commonly used software.

Education + Requirements

• 9 years of relevant experience, or 
• AA/AS +7 years of relevant experience, or 
• BA/BS + 5 years of relevant experience, or 
• MA/MS +3  years of relevant experience 

Significant expertise, deep knowledge, and practical experience with:

• Risk Management Framework (RMF) 
• NIST Special Publications (800 series)
• FedRAMP / Cloud Service Providers (CSPs) - auditing, compliance, risk, assessment, etc.
• Federal Continuous Diagnostics and Mitigation (CDM) program structure, component tools/capabilities, and requirements
• Xacta Risk Management Platform (Xacta 360 / Xacta.io),
• Vulnerability Scanning/Assessment tool data/outputs (e.g. Tenable/Nessus),
• Web Application Scanning/Assessment tool data/outputs (e.g. Accunetix),
• Cloud services/platform compliance and assessment tools (i.e. Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP)),
• Splunk and/or Elastic for reviewing federal Continuous Diagnostics and Mitigation (CDM) program datasets (e.g. BigFix/HCL, Microsoft Defender for Endpoint, etc.) 

Security Clearance

• U.S. citizenship
• Ability to achieve Public Trust or higher government clearance.

Preferred Certifications

• CISSP (most preferred)
• CCSP, CIPP, CAP, CASP / GSLC / CISM / CSM, or other industry-standard security certifications

Desired other:

• Experience with web filtering , SSL inspection, DLP (Symantec DLP to Microsoft), UTM, or similar 

#LI-LC1
Who You Are A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.Intellectually curious with a genuine desire to learn and advance your career.An effective communicator, both verbally and in writing.Customer service-oriented and mission-focused.Critical thinker with excellent problem-solving skills If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.
Who We Arephia, LLC is a Northern Virginia-based, small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.phia values work-life balance and offers the following benefits to full-time employees: Comprehensive medical insurance to include dental and visionShort Term & Long-Term Disability 401k Retirement Savings Plan with Company MatchTuition and Professional Development Assistance Flex Spending Accounts (FSA)
phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.