Information System Security Officer (ISSO)

United States

Applications have closed

Title: Information System Security Officer (ISSO)

Location: Remote

Key Responsibilities:

Security Compliance:

  • Ensure compliance with federal security regulations and standards, including FISMA, FedRAMP, HIPAA, and HHS-specific security requirements.
  • Implement and enforce security controls and policies to protect sensitive data and ensure the integrity of the ACL cloud platform.

Risk Management:

  • Conduct risk assessments and vulnerability scans to identify security risks and gaps in the cloud infrastructure.
  • Develop and implement risk mitigation strategies to address identified vulnerabilities and enhance overall security posture.

Security Documentation:

  • Maintain and update security documentation, including security plans, policies, procedures, and system security plans (SSPs), in accordance with federal requirements.
  • Ensure that security documentation accurately reflects the current state of the ACL cloud platform and is readily available for audits and inspections.

Security Monitoring and Incident Response:

  • Monitor security logs and alerts to detect and respond to security incidents and threats in a timely manner.
  • Coordinate incident response activities, including investigation, containment, and remediation, in collaboration with internal and external stakeholders.

Access Control Management:

  • Manage user access to the ACL cloud platform, ensuring that access privileges are granted based on the principle of least privilege.
  • Conduct periodic access reviews and audits to ensure compliance with security policies and regulations.

Security Training and Awareness:

  • Develop and deliver security awareness training programs for ACL staff and stakeholders to promote a culture of security awareness.
  • Provide guidance and support to users on security best practices and procedures.

Security Assessment and Authorization (SA&A):

  • Support the SA&A process for the ACL cloud platform, including preparing security documentation, participating in security assessments, and addressing findings and recommendations.
  • Work with the Authorizing Official (AO) and other stakeholders to obtain and maintain authorization to operate (ATO) for the cloud platform.

Continuous Improvement:

  • Stay up-to-date with the latest security threats, vulnerabilities, and best practices in cloud security.
  • Identify opportunities for process improvements and automation to enhance security effectiveness and efficiency.

Qualifications:

  • Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field. A Master's degree or relevant certifications (e.g., CISSP, CISM, Security+) are preferred.
  • A minimum of 5-7 years of experience in information security, with a focus on cloud platforms and federal government projects, preferably within health and human services.
  • In-depth knowledge of cloud security principles, architectures, and best practices for platforms such as AWS, Azure, or Google Cloud.
  • Experience with security tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM solutions, and endpoint protection.
  • Strong understanding of federal security standards and regulations, including FISMA, FedRAMP, HIPAA, and HHS-specific security requirements.
  • Experience ensuring compliance with these regulations and conducting security audits and assessments.
  • Proven experience in managing security incidents, including detection, response, remediation, and documentation.
  • Ability to coordinate incident response activities and communicate effectively with stakeholders during security incidents.
  • Experience managing user access to cloud platforms, including role-based access control (RBAC) and access review processes.
  • Familiarity with identity and access management (IAM) solutions and best practices.
  • Strong writing skills with the ability to create clear, concise, and accurate security documentation, including SSPs, security plans, and policies.
  • Ability to obtain a Public Trust.

Professional Skills:

  • Sound business ethics, including the protection of proprietary and confidential information.
  • Ability to work with all levels of internal staff, as well as outside clients and vendors.
  • Strong stakeholder management, including advising and influencing clients regarding process improvement initiatives, and working positively.
  • Skilled communicator with clients and employees.
  • Excellent verbal, interpersonal and written communication skills.
  • Strong analytical, problem-solving, and decision-making capabilities.
  • Team player with the ability to work in a fast-paced environment.
  • Demonstrated outstanding level of professionalism in providing client support, including ability to exercise good judgment, discretion, tact, and diplomacy.

#WHYPBG

PBG is a leading small business provider specializing in Strategy and Design and Digital Transformation services for National Security and Federal Civilian clients.

We have successfully built a company culture based on our single most important asset - our employees. At PBG we are passionate about employee engagement and make it our business to provide our employees a range of challenging and rewarding opportunities that align with business strategy, promote teamwork and inspire innovation. A job is where you are spending most of your day, so PBG believes in making it a fun, collaborative, and productive environment. We want our employees to have the opportunity to grow and be part of a company that is making a lasting contribution to our customers. 

Benefits:

  • 401K Retirement Plan
  • Medical Plan options with significant financial investments from PBG
  • Prescription benefit plan
  • Dental and Vision coverage
  • Employee Assistance Program
  • Short term / Long-term disability
  • Supplemental group life and AD&D options
  • Yearly Bonuses
  • Generous Paid Time Off / Paid Holidays
  • Career/Professional Development Program
  • Spot Bonus Program

Diversity & Inclusion

PBG celebrates diversity and is proud to provide Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetics, disability, or protected veteran status. In addition to federal law requirements, PBG complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

Disclaimer:

This job description reflects management's assignment of essential job functions but is not intended to be a comprehensive list of all activities, duties and responsibilities required by the job incumbent. Nothing herein restricts management's right to assign or reassign duties and responsibilities to this job at any time. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.


