Information Systems Security Officer (ISSO)
Denver, CO
Applications have closed
Who We’re Looking For (Position Overview)
Spry Methods is seeking an Information Systems Security Officer (ISSO) to support a contract in Denver (Lakewood), CO. The United States Bureau of Reclamation (BOR) Enterprise Information Management & Technology Office (EIMT) is responsible for program coordination, execution, and oversight of all areas of Information Management and Technology (IMT) across the Bureau. The EIMT ensures IT is acquired, managed, and secured for Reclamation in accordance with the Clinger-Cohen Act, the Federal Information Technology Acquisition Reform Act, the Federal Information Security Management Act, OMB guidance and Departmental objectives. The Information Systems Security Officer (ISSO) is a member of the governance, risk, and compliance (GRC) Program under the EIMT Enterprise Operations Division (EOD).
What Your Day-To-Day Looks Like (Position Responsibilities)
- Ensure implementation of security controls and risk mitigation measures in line with the National Institute of Standards and Technology (NIST) 800 Series Publications, the Federal Information Security Management Act (FISMA), and the System Development Life Cycle (SDLC) Best Practices.
- Liaise with relevant Operations Team(s), Developers, Project Managers, and System Owners to conduct regular security risk assessments on BOR Information Systems (IS), ensuring compliance with NIST Risk Management Framework and related Authorization to Operate (ATO) requirements.
- Provide consultation to the Operations Team(s) and Developers in the design, development, and implementation of FISMA-compliant solutions that meet current and future business requirements and enhance and optimize the existing security architectures.
- Ensure that the continuous monitoring requirements of BOR Information Systems (IS) are met.
- Collaborate with the various IT stakeholders to ensure continuous system security improvement and to provide awareness on the system security posture.
- Prepare Plans of Action and Milestones (POA&M) based on findings and recommendations of security assessments, excluding any remediation actions taken.
- Conduct annual 1/3 security control assessments (Internal Control Reviews) as defined in the FISMA Security Assessment Plan.
- Handle all documents related to NIST 800 requirements, including the preparation and filling of all relevant Authorization to Operate (ATO) packages and security artifacts during planned security assessments or audits.
What You Need to Succeed (Minimum Requirements)
- Must be able to possess and maintain a U.S. Office of Personnel Management (OPM) Public Trust Security Clearance.
- Analytical and technical skills.
- Current professional certification (e.g., CISSP, CISM, CISA, CAP), or willingness to obtain certification within 6 months of employment start date.
- 3 years of experience performing security testing, security control assessments, and/or security configuration testing.
- 3 years of experience and expert knowledge of the NIST Cybersecurity Framework, Risk Management Framework, FIPS, and other NIST A&A publications.
- Ability to develop, design, engineer, and implement the necessary security controls in line with the National Institute of Standards and Technology (NIST) 800 series standards and the Federal Information Security Management Act (FISMA).
- Strong project management, time management, and work sequencing skills.
- Effective verbal and written communication skills, with the ability to communicate with all levels of users and teammates.
- Effective technical writing and documentation processing skills.
Ideally, You Also Have (Preferred Qualifications)
- A Bachelor's degree in Computer Science, Engineering, or Mathematics.
- Familiarity with cloud environments (services/security) and the FedRAMP A&A process.
- Strong technical knowledge of Windows, Linux, legacy systems, databases, web servers/applications, cloud and virtualization environments.
- Strong knowledge of the System Development Life Cycle (SDLC) and its application in the development of technology solutions.
COVID-19 Vaccination Requirement
The COVID-19 vaccination requirement stated in Executive Order 14042 and FAR 52.223-99 is currently not implemented; however, please note that if E.O. 14042 or other related requirements become effective, positions will require successful candidates/employees to obtain and show proof of COVID-19 vaccination(s). Spry is an equal opportunity employer and will provide reasonable accommodation to those individuals who are unable to be vaccinated consistent with federal, state, and local law.
EEO Statement
At Spry, we believe talented and dedicated employees are our most valued assets and the foundation of our success. We are committed to crafting a diverse and inclusive workplace that endorses engagement, creativity, quality and innovation.
We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.
Tags: Agile Audits CISA CISM CISSP Clearance Cloud Compliance Computer Science FedRAMP FISMA Governance Linux Mathematics Monitoring NIST Risk assessment Risk management SDLC Security assessment Security Clearance Windows
Perks/benefits: Career development Health care Startup environment