Information System Security Officer (ISSO)
United States
Title: Information System Security Officer (ISSO)
Location: Remote
Key Responsibilities:
Security Compliance:
- Ensure compliance with federal security regulations and standards, including FISMA, FedRAMP, HIPAA, and HHS-specific security requirements.
- Implement and enforce security controls and policies to protect sensitive data and ensure the integrity of the ACL cloud platform.
Risk Management:
- Conduct risk assessments and vulnerability scans to identify security risks and gaps in the cloud infrastructure.
- Develop and implement risk mitigation strategies to address identified vulnerabilities and enhance overall security posture.
Security Documentation:
- Maintain and update security documentation, including security plans, policies, procedures, and system security plans (SSPs), in accordance with federal requirements.
- Ensure that security documentation accurately reflects the current state of the ACL cloud platform and is readily available for audits and inspections.
Security Monitoring and Incident Response:
- Monitor security logs and alerts to detect and respond to security incidents and threats in a timely manner.
- Coordinate incident response activities, including investigation, containment, and remediation, in collaboration with internal and external stakeholders.
Access Control Management:
- Manage user access to the ACL cloud platform, ensuring that access privileges are granted based on the principle of least privilege.
- Conduct periodic access reviews and audits to ensure compliance with security policies and regulations.
Security Training and Awareness:
- Develop and deliver security awareness training programs for ACL staff and stakeholders to promote a culture of security awareness.
- Provide guidance and support to users on security best practices and procedures.
Security Assessment and Authorization (SA&A):
- Support the SA&A process for the ACL cloud platform, including preparing security documentation, participating in security assessments, and addressing findings and recommendations.
- Work with the Authorizing Official (AO) and other stakeholders to obtain and maintain authorization to operate (ATO) for the cloud platform.
Continuous Improvement:
- Stay up-to-date with the latest security threats, vulnerabilities, and best practices in cloud security.
- Identify opportunities for process improvements and automation to enhance security effectiveness and efficiency.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field. A Master's degree or relevant certifications (e.g., CISSP, CISM, Security+) are preferred.
- A minimum of 5-7 years of experience in information security, with a focus on cloud platforms and federal government projects, preferably within health and human services.
- In-depth knowledge of cloud security principles, architectures, and best practices for platforms such as AWS, Azure, or Google Cloud.
- Experience with security tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM solutions, and endpoint protection.
- Strong understanding of federal security standards and regulations, including FISMA, FedRAMP, HIPAA, and HHS-specific security requirements.
- Experience ensuring compliance with these regulations and conducting security audits and assessments.
- Proven experience in managing security incidents, including detection, response, remediation, and documentation.
- Ability to coordinate incident response activities and communicate effectively with stakeholders during security incidents.
- Experience managing user access to cloud platforms, including role-based access control (RBAC) and access review processes.
- Familiarity with identity and access management (IAM) solutions and best practices.
- Strong writing skills with the ability to create clear, concise, and accurate security documentation, including SSPs, security plans, and policies.
- Ability to obtain a Public Trust
Professional Skills:
- Sound business ethics, including the protection of proprietary and confidential information.
- Ability to work with all levels of internal staff, as well as outside clients and vendors.
- Strong stakeholder management, including advising and influencing clients regarding process improvement initiatives, and working positively.
- Skilled communicator with clients and employees.
- Excellent verbal, interpersonal and written communication skills.
- Strong analytical, problem-solving, and decision-making capabilities.
- Team player with the ability to work in a fast-paced environment.
- Demonstrated outstanding level of professionalism in providing client support, including ability to exercise good judgment, discretion, tact, and diplomacy.
#WHYPBG
PBG is a leading small business provider specializing in Strategy and Design and Digital Transformation services for National Security and Federal Civilian clients.
We have successfully built a company culture based on our single most important asset - our employees. At PBG we are passionate about employee engagement and make it our business to provide our employees a range of challenging and rewarding opportunities that align with business strategy, promote teamwork and inspire innovation. A job is where you are spending most of your day, so PBG believes in making it a fun, collaborative, and productive environment. We want our employees to have the opportunity to grow and be part of a company that is making a lasting contribution to our customers.
Benefits:
- 401K Retirement Plan
- Medical Plan options with significant financial investments from PBG
- Prescription benefit plan
- Dental and Vision coverage
- Employee Assistance Program
- Short term / Long-term disability
- Supplemental group life and AD&D options
- Yearly Bonuses
- Generous Paid Time Off / Paid Holidays
- Career/Professional Development Program
- Spot Bonus Program
Diversity & Inclusion
PBG celebrates diversity and is proud to provide Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetics, disability, or protected veteran status. In addition to federal law requirements, PBG complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
Disclaimer:
This job description reflects management's assignment of essential job functions but is not intended to be a comprehensive list of all activities, duties and responsibilities required by the job incumbent. Nothing herein restricts management's right to assign or reassign duties and responsibilities to this job at any time. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.
Tags: Audits Automation AWS Azure CISM CISSP Cloud Compliance Computer Science FedRAMP Firewalls FISMA GCP HIPAA IAM IDS Incident response Intrusion detection IPS Monitoring Risk assessment Risk management Security assessment SIEM Strategy System Security Plan Vulnerabilities Vulnerability scans
Perks/benefits: 401(k) matching Career development Flex vacation Health care Salary bonus Team events