Information Systems Security Officer (ISSO)
Who We’re Looking For (Position Overview)
Spry Methods is seeking an Information Systems Security Officer (ISSO) to support a contract in Denver (Lakewood), CO. The United States Bureau of Reclamation (BOR) Enterprise Information Management & Technology Office (EIMT) is responsible for program coordination, execution, and oversight of all areas of Information Management and Technology (IMT) across the Bureau. The EIMT ensures IT is acquired, managed, and secured for Reclamation in accordance with the Clinger-Cohen Act, the Federal Information Technology Acquisition Reform Act, the Federal Information Security Management Act, OMB guidance, and Departmental objectives. The Information Systems Security Officer (ISSO) is a member of the governance, risk, and compliance (GRC) Program under the EIMT Enterprise Operations Division (EOD).
What Your Day-To-Day Looks Like (Position Responsibilities)
- Ensure implementation of security controls and risk mitigation measures in line with the National Institute of Standards and Technology (NIST) 800 Series Publications, the Federal Information Security Management Act (FISMA), and the System Development Life Cycle (SDLC) Best Practices.
- Liaise with relevant Operations Team(s), Developers, Project Managers, and System Owners to conduct regular security risk assessments on BOR Information Systems (IS), ensuring compliance with NIST Risk Management Framework and related Authorization to Operate (ATO) requirements.
- Provide consultation to the Operations Team(s) and Developers in the design, development, and implementation of FISMA-compliant solutions that meet current and future business requirements and enhance and optimize the existing security architectures.
- Ensure that the continuous monitoring requirements of BOR Information Systems (IS) are met.
- Collaborate with the various IT stakeholders to ensure continuous system security improvement and to provide awareness on the system security posture.
- Prepare Plans of Action and Milestones (POA&M) based on findings and recommendations of security assessments, excluding any remediation actions taken.
- Conduct annual 1/3 security control assessments (Internal Control Reviews) as defined in the FISMA Security Assessment Plan.
- Handle all documents related to NIST 800 requirements, including the preparation and filling of all relevant Authorization to Operate (ATO) packages and security artifacts during planned security assessments or audits.
What You Need to Succeed (Minimum Requirements)
- Must be able to possess and maintain a U.S. Office of Personnel Management (OPM) Public Trust Security Clearance.
- Analytical and technical skills.
- Current professional certification (e.g., CISSP, CISM, CISA, CAP), or willingness to obtain certification within 6 months of employment start date.
- 3 years of experience performing security testing, security control assessments, and/or security configuration testing.
- 3 years of experience and expert knowledge of the NIST Cybersecurity Framework, Risk Management Framework, FIPS, and other NIST A&A publications.
- Ability to develop, design, engineer, and implement the necessary security controls in line with the National Institute of Standards and Technology (NIST) 800 series standards and the Federal Information Security Management Act (FISMA).
- Strong project management, time management, and work sequencing skills.
- Effective verbal and written communication skills, with the ability to communicate with all levels of users and teammates.
- Effective technical writing and documentation processing skills.
Ideally, You Also Have (Preferred Qualifications)
- A Bachelor's degree in Computer Science, Engineering, or Mathematics.
- Familiarity with cloud environments (services/security) and the FedRAMP A&A process.
- Strong technical knowledge of Windows, Linux, legacy systems, databases, web servers/applications, cloud and virtualization environments.
- Strong knowledge of the System Development Life Cycle (SDLC) and its application in the development of technology solutions.
COVID-19 Vaccination Requirement
The COVID-19 vaccination requirement stated in Executive Order 14042 and FAR 52.223-99 is currently not implemented. However, please note that if E.O. 14042 or other related requirements become effective, positions will require successful candidates/employees to obtain and show proof of COVID-19 vaccination(s). Spry is an equal opportunity employer and will provide reasonable accommodation to those individuals who are unable to be vaccinated consistent with federal, state, and local law.
EEO Statement
At Spry, we believe talented and dedicated employees are our most valued assets and the foundation of our success. We are committed to crafting a diverse and inclusive workplace that endorses engagement, creativity, quality and innovation.
We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.