Information System Security Officer
at Guidehouse
Washington, District of Columbia, USA -
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 26 Jan, 2025 | USD 163700 Annual | 27 Oct, 2024 | N/A | Good communication skills | No | No |
Required Visa Status:
Citizen | GC |
US Citizen | Student Visa |
H1B | CPT |
OPT | H4 Spouse of H1B |
GC Green Card |
Employment Type:
Full Time | Part Time |
Permanent | Independent - 1099 |
Contract – W2 | C2H Independent |
C2H W2 | Contract – Corp 2 Corp |
Contract to Hire – Corp 2 Corp |
Description:
Job Family:
Cyber Consulting
Travel Required:
None
Clearance Required:
Active Top Secret (TS)
What You Will Do:
Guidehouse is seeking an Information System Security Officer (ISSO) who will be responsible for providing systems security support for Top Secret information systems for our federal client to achieve and maintain active ATO statuses for 6 systems and applications. Responsibilities include the following:
- Reviewing and updating RMF ATO packages, policy and procedure documents, and related artifacts in accordance with applicable standards and regulations.
- Scoping and tailoring security and privacy control baselines based on system missions and categorizations.
- Preparing and updating security documentation and working with technical teams to support the creation and maintenance of technical documentation.
- Performing rigorous evaluations of NIST SP 800-53 security and privacy controls using NIST SP 800-53A standards.
- Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system technical personnel such as network engineers and system administrators.
- Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing security and privacy control testing such as policies, plans, SOPs, system screenshots, and system configuration settings.
- Evaluating the design and operating effectiveness of security and privacy controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement.
- Testing and documenting the results of security and privacy controls test work in a consistent and high-quality manner.
- Analyzing, summarizing, and communicating security and privacy control assessment results to a variety of client stakeholders, including senior leadership.
- Developing and maintaining Plans of Action and Milestones to capture identified security and privacy control shortfalls and facilitate correction.
- Facilitating third-party security assessment activities, including direct interactions with third party security assessors.
What You Will Need:
- An ACTIVE and MAINTAINED TOP SECRET Federal or DoD security clearance
- Bachelor’s degree
- THREE (3) or more years of work experience related to related to IT Security or Information Security or Information Assurance and/or Cybersecurity
What Would Be Nice To Have:
- Experience supporting customers in a client-facing environment.
- Experience implementing NIST SP 800-53 security controls.
- Experience documenting and communicating security control implementation details.
- Experience in executing all phases of the NIST SP 800-37 Risk Management Framework (RMF) process to achieve and maintain ATO certification.
- Experience creating and updating security compliance artifacts and documentation.
- Working knowledge of relevant federal and intelligence community requirements such as FISMA, EO 14028, CNSS instructions, and Intelligence Community Directives.
- Understanding of Zero Trust.
- Understanding of security considerations associated with emerging technology such Artificial Intelligence (AI).
- Working knowledge of client Governance Risk & Compliance (GRC) tools such as XACTA or Archangel.
- Demonstrated ability to multi-task and adapt to changing environments.
- Demonstrated ability to offer front-line support and serve as liaison between client management and associated stakeholders for all authorization and information security related issues.
- Demonstrated ability to use effective facilitation and presentation skills and techniques.
- Demonstrated ability to offer solutions and convey business impacts to clients in a clear and concise manner.
- Demonstrated ability to work collaboratively with others in a team environment.
- Excellent written and verbal communication skills.
- Proficiency in Microsoft Excel, Word, and PowerPoint.
The annual salary range for this position is $109,100.00-$163,700.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.
What We Offer:
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits include:
- Medical, Rx, Dental & Vision Insurance
- Personal and Family Sick Time & Company Paid Holidays
- Position may be eligible for a discretionary variable incentive bonus
- Parental Leave and Adoption Assistance
- 401(k) Retirement Plan
- Basic Life & Supplemental Life
- Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
- Short-Term & Long-Term Disability
- Student Loan PayDown
- Tuition Reimbursement, Personal Development & Learning Opportunities
- Skills Development & Certifications
- Employee Referral Program
- Corporate Sponsored Events & Community Outreach
- Emergency Back-Up Childcare Program
- Mobility Stipend
About Guidehouse
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.
Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.
If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.
Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee
Responsibilities:
- Reviewing and updating RMF ATO packages, policy and procedure documents, and related artifacts in accordance with applicable standards and regulations.
- Scoping and tailoring security and privacy control baselines based on system missions and categorizations.
- Preparing and updating security documentation and working with technical teams to support the creation and maintenance of technical documentation.
- Performing rigorous evaluations of NIST SP 800-53 security and privacy controls using NIST SP 800-53A standards.
- Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system technical personnel such as network engineers and system administrators.
- Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing security and privacy control testing such as policies, plans, SOPs, system screenshots, and system configuration settings.
- Evaluating the design and operating effectiveness of security and privacy controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement.
- Testing and documenting the results of security and privacy controls test work in a consistent and high-quality manner.
- Analyzing, summarizing, and communicating security and privacy control assessment results to a variety of client stakeholders, including senior leadership.
- Developing and maintaining Plans of Action and Milestones to capture identified security and privacy control shortfalls and facilitate correction.
- Facilitating third-party security assessment activities, including direct interactions with third party security assessors
REQUIREMENT SUMMARY
Min:N/AMax:5.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Other
Graduate
Proficient
1
Washington, DC, USA