Centurion is hiring an Information Systems Security Officers (ISSO) to support one of our clients out of the Washington, DC area.
KEY RESPONSIBILITIES:
- Serve as the principal advisor to the information system owner (SO), Information Systems Security Manager (ISSM), Chief Information Security Officer (CISO) on all matters (technical and otherwise) involving the security of assigned information systems.
- Participate in planning and management of all phases of the House Risk Management Framework (RMF) Security Assessment and Authorization (A&A) process.
- Complete required A&A activities on assigned IT systems.
- Ensure that the appropriate operational cybersecurity posture is maintained for assigned Chief Administrative Officer (CAO) systems to provide confidentiality, integrity, and availability of information systems. For each system assigned to an ISSO, the ISSO will be responsible to complete and keep updated the following security documentation:
- Security Impact Analysis (SIA)
- Information Sensitivity Security Assessment
- System Security Plan (SSP)
- Plan of Action and Milestones (POA&M)
- Information Technology Risk Acceptances
- Configuration Management Plan
- Supply Chain Risk Management Plan
- Interconnection Security Agreements
- Memorandums of Understanding
- Information Data Exchange Agreements
- Vulnerability Reports
- Authorization Letters
- Perform continuous monitoring of implemented security controls to ensure that they are implemented correctly, operating as intended and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems. Conduct continuous monitoring activities, to include:
- Maintenance of current ATO
- Conducting periodic system self-assessments
- Review periodic vulnerability scan reports and compliance reports
- Ensure stakeholders are performing system log reviews as defined in the SSP
- Ensure assigned IT system user accounts are periodically reviewed for accuracy and completeness
- Work with technical teams to mitigate security control deficiencies and vulnerabilities for assigned IT systems.
- Assess the cybersecurity impact of changes to assigned IT systems and document findings in a SIA report and brief stakeholders.
- Conduct self-assessments of security controls, identify weaknesses and track remediation activities in POA&M.
- Manage the POA&M process for designated IT systems to provide timely detection, identification and alerting of non-compliance issues. In coordination with SO staff, create POA&Ms or remediation plans for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Provide the required system access, information, and documentation to security assessment and audit teams.
REQUIRED EDUCATION & EXPERIENCE (years of education / experience top 3-5 hard must have requirements to be considered, please do not include soft skills (i.e., communication, listening skills, etc.)
- Five (5) or more years of demonstrated experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful security authorization of such systems.
- Strong working knowledge and familiarity with NIST publications and privacy frameworks.
- Archer experience.
- Demonstrated understanding of cloud service models, hybrid models, financial applications, and mobile security technologies and tools.
- Demonstrated experience supporting an industry risk management tool executing A&A activities.
- Bachelor’s degree in computer science, information technology, cybersecurity, or a related technical discipline required.
- Current and maintained certification in one or more of the following IT Security disciplines: Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) or equivalent certification required.
Position Details:
Clearance: N/A
US Citizenship or Authorization to work in US required
Travel: < 10% (CONUS)
Centurion Consulting Group, LLC is an Equal Opportunity Employer EOE M/F/D/V
No third parties or subcontractors