Information Systems Security Officer
Bethesda, MD, US
AMDEX Corp
JOB NUMBER: 1536 | LOCATION: Bethesda, MD | CLEARANCE/ACCESS LEVEL: Public Trust
AMDEX.ai The Art of Data Science
We are a seasoned full-spectrum data solutions firm. We deliver insights, strategies, data analytics, and technical expertise to accelerate data modernization. We specialize in data science and cloud solutions, application development and maintenance, program management, and health IT operations, leveraging experience and trusted talent to solve the federal government’s most pressing business and technical challenges. Without you, it’s just data.
The Information Systems Security Officer (ISSO) is responsible for ensuring that all systems, components, and services supported for our NIH client comply with federal security policies, processes, and procedures. The ISSO works in collaboration with the NIH IT security team to complete all Authority To Operate (ATO) activities, including security assessments and authorizations (SA&A) of NIH systems, and ensures that these processes recur at the required intervals or whenever major changes are implemented. The ISSO performs oversight and compliance verification assessment and continuous monitoring, contingency plan development and evaluation, vulnerability scanning and auditing, and security program assessment support; provides recommendations for improving security processes and procedures; and analyzes existing NIH IT security processes and procedures against new IT security requirements.
Responsibilities:
- Perform security assessments of NIH general support systems (GSSs) and major and minor applications based on all applicable and current NIST, NIH, HHS, FISMA, and OMB regulations and policies.
- Produce, update, and review the security assessment report, security assessment plan, risk assessment, test plans, system security plan, contingency plan, and Security Control Assessment (SCA) testing report.
- Document assessment activities and results in sufficient detail to enable external review of all findings, processes, activities, results and resolutions.
- Provide guidance and recommendations for corrective action of all non-compliant security controls.
- Develop, modify, and run automation scripts using tools such as Microsoft PowerShell.
- Use NIH Security Authorization Tool (NSAT) security assessment reporting tool.
- Utilize security tooling such as Nessus/Tenable (vulnerability scanning), AppScan (application security testing), BigFix and JAMF (endpoint management), Cylance (endpoint protection), CyberArk (privileged access management), SIEM platforms, and others.
- Report critical vulnerabilities that need remediation to systems administrators and to NIH ISSO.
- Provide security expertise to ensure security controls are implemented and the resulting documentation is current.
- Conduct security testing and develop assessments of local area networks and components to ensure compliance with current security guidelines and requirements.
- Create and manage Plan of Action and Milestones (POA&M) and communication to system owners, system ISSOs, and authorizing officials.
- Develop and revise as needed all required system and application security documentation, including System Security Plans (SSPs), Rules of Behavior, and Risk Assessments.
- Update all draft policies, procedures, and standards, or identify missing policies, procedures, and standards, as needed and at the recommendation of the Contracting Officer Representative (COR) and ITB leadership.
- Provide technical guidance and monitor application of security policies in the operational functions of administering and maintaining Windows Servers, Network Components, Desktop Administration, and day to day operation of NIH infrastructure.
- Create applicable security documentation as needed to support SA&A activities.
- Review, update, and create Privacy Impact Assessments on a yearly basis or as required by federal laws.
- Assist with preparation and coordination of contingency plan testing for GSSs and applications.
- Assist with exercise and/or documentation of IT COOP, Disaster Recovery, and other contingency documents or plans.
- Review and update the security summary report and make corrections prior to submission to the Department of Health and Human Services (HHS).
Requirements:
- Bachelor’s degree in information technology, or equivalent. CISSP, CCSP, CISM, or equivalent training/certifications and 5-7 years of experience providing information security support.
- Expertise in current NIST, NIH, HHS, FISMA, and OMB regulations and policies.
- Experience providing technical guidance and monitoring the application of security policies in the operational functions of administering and maintaining Windows servers, network components, and desktop administration.
AMDEX Corporation offers a competitive salary package and attractive benefits package.
- Medical | Dental | Vision (Base plan employee premiums 100% company paid)
- Supplemental Health Plans
- Employer Paid Life and Disability Insurance, STD and LTD
- Employee Assistance Plan and Employee Discounts
- 11 Federal Holidays | PTO accrual with carryover
- 401(k) Plan with company match | Flexible Spending Accounts: Medical, Dependent, Transit
- Tuition Reimbursement & Training Assistance
EOE M/F/D/V
Tags: Analytics Application security Audits Automation CCSP CISM CISSP Clearance Cloud Compliance Cyberark Data Analytics FISMA Jamf Monitoring Nessus NIST POA&M PowerShell Privacy Risk assessment Security assessment Security Assessment Report SIEM System Security Plan Vulnerabilities Windows