Information Systems Security Officer (ISSO)

Denver, CO

Applications have closed
Company OverviewSpry brings a unique blend of proven service delivery, scalable and agile corporate infrastructure, and the ability to recruit and retain the best and brightest in the industry to support our customers. The Spry team engages in exciting and rewarding opportunities that challenge their abilities, in an atmosphere that encourages both personal and professional growth, fostering a positive and energetic work environment.
Who We’re Looking For (Position Overview)
Spry Methods is seeking an Information Systems Security Officer (ISSO) to support a contract in Denver (Lakewood), CO. The United States Bureau of Reclamation (BOR) Enterprise Information Management & Technology Office (EIMT) is responsible for program coordination, execution, and oversight of all areas of Information Management and Technology (IMT) across the Bureau. The EIMT ensures IT is acquired, managed, and secured for Reclamation in accordance with the Clinger-Cohen Act, the Federal Information Technology Acquisition Reform Act, the Federal Information Security Management Act, OMB guidance and Departmental objectives. The Information Security Officer (ISSO) is a member of the governance, risk, and compliance (GRC) Program under the EIMT Enterprise Operations Division (EOD). 

What Your Day-To-Day Looks Like (Position Responsibilities)

  • Ensure implementation of security controls and risk mitigation measures in line with the National Institute of Standards and Technology (NIST) 800 Series Publications, the Federal Information Security Management Act (FISMA), and the System Development Life Cycle (SDLC) Best Practices.
  • Liaise with relevant Operations Team(s), Developers, Project Managers, and System Owners to conduct regular security risk assessments on BOR Information Systems (IS), ensuring compliance with NIST Risk Management Framework and related Authorization to Operate (ATO) requirements.
  • Provide consultation to the Operations Team(s) and Developers in the design, develop and implementation of FISMA compliant solutions that meet current and future business requirements and enhance and optimize the existing security architectures.
  • Ensure that the continuous monitoring requirements of BOR Information Systems (IS) are met.
  • Collaborate with the various IT stakeholders to ensure continuous system security improvement and to provide awareness on the system security posture.
  • Prepare Plans of Action and Milestones (POA&M) based on findings and recommendations of security assessments, excluding any remediation actions taken.
  • Conduct annual 1/3 security control assessments (Internal Control Reviews) as defined in the FISMA Security Assessment Plan.
  • Handle all documents related to NIST 800 requirements, including the preparation and filling of all relevant Authorization to Operate (ATO) packages and security artifacts during planned security assessments or audits.

What You Need to Succeed (Minimum Requirements)

  • Must be able to possess and maintain a U.S. Office of Personnel Management (OPM) Public Trust Security Clearance.
  • Analytical and technical skills.
  • Current professional certification (e.g., CISSP, CISM, CISA, CAP), or willingness to obtain certification within 6 months of employment start date.
  • 3 years of experience performing security testing, security control assessments, and/or security configuration testing.
  • 3 years of experience and expert knowledge of the NIST Cybersecurity Framework, Risk Management Framework, FIPS, and other NIST A&A publications.
  • Develop, design, engineer and implement the necessary security controls in line with the National Institute of Standards and Technology (NIST) 800 series standards, and the Federal Information Security Management Act (FISMA).
  • Strong project management, time management, and work sequencing skills.
  • Effective verbal and written communication skills with ability to effectively communicate with all levels of users and teammates, both written and verbal.
  • Effective technical writing and documentation processing skills.

Ideally, You Also Have (Preferred Qualifications)

  • A Bachelors Degree in Computer Science, Engineering, or Mathematics.
  • Familiar with the cloud environments (services/security) and FedRAMP A&A process.
  • Strong technical knowledge with Windows, Linux, legacy systems, databases, web servers/ applications, cloud and virtualization environments.
  • Strong knowledge of the System Development Life Cycle (SDLC) and its application in the development of technology solutions.
Perks of Working for Us (Benefits):Medical Coverage – United Healthcare - 3 Options - Traditional - POS Choice Plus Network - HDHP - POS Choice Plus Network - HDHP - EPO Choice NetworkVision Coverage – VSP - Vision Service Plan Dental Coverage – Guardian Dental - PPO Premier Plan or Value Plan Paid Time Off (PTO) – PTO accrural starts at 15 days per yearTraining Benefit – Annual training allowance available toward any job-related training or education401 (k) – Multiple Fund Choices through Professional Capital Service (PCS) with a company matchFor our full list of benefits, please visit http://www.sprymethods.com/careers/benefits/
COVID-19 Vaccination RequirementThe COVID-19 vaccination requirement stated in Executive Order 14042 and FAR 52.223-99 is currently not implemented, however, please note that if E.O. 14042 or other related requirements become effective, positions will require successful candidates/employees to obtain and show proof of COVID-19 vaccination(s). Spry is an equal opportunity employer and will provide reasonable accommodation to those individuals who are unable to be vaccinated consistent with federal, state, and local law.

EEO StatementAt Spry, we believe talented and dedicated employees are our most valued assets and the foundation of our success. We are committed to crafting a diverse and inclusive workplace that endorses engagement, creativity, quality and innovation.
We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.

Tags: Agile Audits CISA CISM CISSP Clearance Cloud Compliance Computer Science FedRAMP FISMA Governance Linux Mathematics Monitoring NIST Risk assessment Risk management SDLC Security assessment Security Clearance Windows

Perks/benefits: Career development Health care Startup environment

Region: North America
Country: United States
Job stats:  8  0  0
Category: Leadership Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.