RCG is a growing federal contracting company and Certified as a Great Place to Work. We are currently seeking an Information Systems Security Officer (ISSO) with a Top Secret clearance to support Cybersecurity Operations at our Government client site in Washington, DC. THIS IS AN ON-SITE POSITION 5 days a week. Limited telework may be available with consent of the customer.
Due to security requirements, all successful candidates will have an active TOP SECRET security clearance, with Sensitive Compartmented Information (SCI) Clearance, or the ability to obtain the SCI Clearance.
Job Responsibilities/Duties
The ISSO shall proactively review, update, and maintain cybersecurity policy, guidance documents, directives, templates, and materials to ensure all documentation reflects and incorporates the most recent version of all cybersecurity program documentation. The ISSO, with direction, shall provide cybersecurity and privacy requirements and guidance, including, but not limited to, the following:
- Provide a monthly status report and attend monthly status meetings, as well as ad hoc team meetings as required.
- Develop, edit, format, and modify cybersecurity documentation, including policies, standards, procedures, user manuals, and other related materials, ensuring consistency in formatting, language, and structure across all documentation.
- Provide a gap analysis, with recommendations for improvement, of existing cybersecurity policies, handbooks, standards, and procedures and recommend disposition (i.e. continued use as is, needs revision, or rescind).
- Perform inventory review and update plan with schedule monthly.
- Deliver Authority to Operate (ATO) packages to CISO/ITSO and CIO as required.
- Conduct IT Checklist Risk Assessments, ensuring that IT Checklist Risk Assessments are conducted for all acquisition checklists. This process should be integrated into the overall risk management framework and should inform the development and updating of cybersecurity policies and procedures.
- Provide overall subject matter expertise to the Information Security Assessment and Authorization (A&A) program, specifically Information System Security Officer (ISSO) support for National Security System.
- Provide specific guidance and technical expertise in the form of standards, policies, procedures, and oversight for the DOC A&A program
- Create, review, and update the Privacy Threshold Analysis (PTA).
- Create, review, update as applicable, and provide recommendations based on analysis of the Privacy Impact Assessments (PIA).
- Create, review, update as applicable, and provide recommendations based on analysis for Third Party Application as required.
- Create, review, update as applicable, and provide feedback on application of security requirements (e.g. TRB, SSPs, RAs, contingency plan, incident response plan, continuous monitoring plan, FIPS, POA&M reports, etc).
- Create, review, analyze, and update as applicable all system artifacts for accuracy and completeness in support of authority to operate (ATO) requests.
- Create or review ATO packages prior to submission for CISO and CIO approval.
- Ensure all assessment and audit reports are uploaded properly to the appropriate DOC Governance, Risk, and Compliance (GRC) tool
- Assist in Plan of Actions and Milestones (POA&M) update and remediation. In addition, conduct reviews of requests for closures for completeness and compliance.
- Develop and support the ongoing authorization (OA) process that includes continuous monitoring.
- Keep the System Security Plan accurate and up to date to include drafting/developing network topology
- Maintain a Moderate or better security rating
- Provide expert technical and security support services to accomplish the Accreditation and Authorization (A&A) of Information System(s)
- Develop, review, and provide feedback on application of security requirements (e.g. TRB, review of SSPs, RAs, contingency plan, POA&M reports).
- Responsible for managing and implementing remediation of identified weaknesses.