
Information System Security Officer (ISSO) with Security Clearance


Base One Technologies

2024-09-21 22:38:35

Job location: Ashburn, Virginia, United States

Job type: full-time

Job industry: I.T. & Communications

Job description

Required Education/Experience

• Bachelor's degree in Computer Science, IT, or an Information/Cyber Security field from an accredited college or university

Primary Responsibilities

• Manage overall security-related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles.
• Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, and other relevant security documentation for existing and new systems
• Conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance
• Use workflows to develop security artifacts
• Document, organize and implement security control requirements
• Identify current and new risks
• Prepare vulnerability test plans and coordinate the testing and result procedures
• Assess customer-based solutions and provide recommendations for any improvements to current security posture
• Ability to review and write security-related policies and procedures

Basic Qualifications

• Must have an interim Secret Clearance. In addition to the specific clearance requirement, all personnel supporting CBP must have a current background investigation (BI) or obtain a favorable BI before joining the program.
• Minimum of 5 years of experience as an ISSO supporting major federal information systems/applications
• Knowledge of auditing security controls and financial processes
• Superior writing, communication and critical analysis skills
• Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures
• Advanced experience/knowledge with the following:
  • NIST SP 800-37 Risk Management Framework security assessment and authorization (A&A) processes
  • NIST 800-53 security controls and required documentation
  • Security controls (e.g. NIST SP 800-53, FISCAM, etc.) assessments in support of FISMA, A-123 and annual self-assessment initiatives
  • Federal Risk and Authorization Management Program (FedRAMP) for authorization of cloud services
  • Enterprise Logging System to conduct regular reviews of audit logs (operating system, application, database, etc.) for security anomalies and compliance with applicable policies and procedures
  • POA&M Management and Risk Management Framework (RMF)
  • Reviewing operating system, application, and database security baseline configuration documentation to ensure compliance with agency hardening guidelines
  • Reviewing proposed change requests related to system design / configuration and performing a security impact analysis to provide approval or denial recommendations
  • Reviewing vulnerability scan results

Preferred Qualifications

• ISC2 Certified Cloud Security Professional certification (CCSP)
• Familiar with IT system administration/engineering
