Information Systems Security Officer

Bethesda, MD, US

AMDEX Corp


JOB NUMBER: 1536 | LOCATION: Bethesda, MD | CLEARANCE/ACCESS LEVEL: Public Trust

AMDEX.ai The Art of Data Science

We are a seasoned, full-spectrum data solutions firm. We deliver insights, strategies, data analytics, and technical expertise to accelerate data modernization. We specialize in data science and cloud solutions, application development and maintenance, program management, and health IT operations, leveraging experience and trusted talent to solve the federal government’s most pressing business and technical challenges. Without you, it’s just data.

The Information Systems Security Officer (ISSO) is responsible for ensuring that all systems, components, and services supported for our NIH client comply with federal security policies, processes, and procedures. The ISSO works in collaboration with the NIH IT security team to complete all Authority to Operate (ATO) activities, including performing security assessments and authorizations (SA&A) of NIH systems and ensuring that these processes recur at the required intervals or whenever major changes are implemented. The role performs oversight and compliance verification assessment, continuous monitoring, contingency plan development and evaluation, vulnerability scanning and auditing, and security program assessment support. The ISSO also provides recommendations for improving security processes and procedures, and analyzes existing IT security processes and procedures within NIH against new IT security requirements.

 

Responsibilities:

  • Perform security assessments of NIH general support systems, major and minor applications based on all applicable and current NIST, NIH, HHS, FISMA, and OMB regulations and policies.
  • Produce, update and review security assessment report, security assessment plan, risk assessment, test plans, system security plan, contingency plan, and Security Control Assessment (SCA) testing report. 
  • Document assessment activities and results in sufficient detail to enable external review of all findings, processes, activities, results and resolutions.
  • Provide guidance and recommendations for corrective action of all non-compliant security controls.
  • Develop, modify, and run automation scripts using tools such as Microsoft PowerShell.
  • Use the NIH Security Authorization Tool (NSAT) for security assessment reporting.
  • Utilize security tooling for vulnerability scanning, application testing, endpoint management, and privileged access management, including Nessus/Tenable, AppScan, BigFix, Jamf, Cylance, CyberArk, and others, and feed their findings into assessment and continuous monitoring activities.
  • Report critical vulnerabilities that need remediation to systems administrators and to NIH ISSO.
  • Provide security expertise to ensure security controls are implemented and the resulting documentation is current.
  • Conduct security testing and develop assessments of local area networks and components to ensure compliance with current security guidelines and requirements.
  • Create and manage Plan of Action and Milestones (POA&M) and communication to system owners, system ISSOs, and authorizing officials.
  • Develop and revise as needed all required system and application security documentation, including System Security Plans (SSPs), Rules of Behavior, and Risk Assessments.
  • Update all draft policies, procedures, and standards, or identify missing policies, procedures, and standards, as needed and at the recommendation of the Contracting Officer Representative (COR) and ITB leadership.
  • Provide technical guidance on, and monitor the application of, security policies in the operational functions of administering and maintaining Windows servers, network components, and desktop systems, and in the day-to-day operation of NIH infrastructure.
  • Create applicable security documentation as needed to support SA&A activities.
  • Review, update, and create Privacy Impact Assessments on a yearly basis or as required by federal laws.
  • Assist with preparation and coordination of contingency plan testing for GSSs and applications.
  • Assist with exercise and/or documentation of IT COOP, Disaster Recovery, and other contingency documents or plans.
  • Review and update the security summary report and make corrections prior to submission to the Department of Health and Human Services (HHS).

Requirements:

  • Bachelor’s degree in information technology, or equivalent. CISSP, CCSP, CISM, or equivalent training/certifications and 5-7 years of experience providing information security support. 
  • Expertise in current NIST, NIH, HHS, FISMA, and OMB regulations and policies.
  • Experience providing technical guidance on, and monitoring the application of, security policies in the operational functions of administering and maintaining Windows servers, network components, and desktop systems.

AMDEX Corporation offers a competitive salary and an attractive benefits package.

  • Medical | Dental | Vision (Base plan employee premiums 100% company paid)
  • Supplemental Health Plans
  • Employer Paid Life and Disability Insurance, STD and LTD
  • Employee Assistance Plan and Employee Discounts
  • 11 Federal Holidays | PTO accrual with carryover
  • 401(k) Plan with company match | Flexible Spending Accounts: Medical, Dependent, Transit
  • Tuition Reimbursement & Training Assistance


EOE M/F/D/V
