Senior Information Systems Security Officer (ISSO)

at System High Corporation

Arlington, VA 22203, USA

Start Date: Immediate
Expiry Date: 31 Jan, 2025
Salary: Not Specified
Posted On: 01 Nov, 2024
Experience: 10 year(s) or above
Skills: Gap Analysis, Scanning, NIST, Engineering Design, SSP, CP, Compliance Reporting, Recovery Plans, Vulnerability Management, DRP, Incident Response, Security, Excel, Azure, Instructions, Microsoft Products, Vulnerability
Telecommute: No
Sponsor Visa: No

Description:

Senior Information Systems Security Officer (ISSO)
Location: Arlington, Virginia

Responsibilities:

  • Provide oversight for assigned network(s) by working with operations staff to ensure compliance with STIGs and IAVMs.
  • Perform ISSO duties and responsibilities as defined in DoDI 8500.01, DoDI 8510.01, and DoD policy.
  • Develop, review, evaluate and verify self-test results to validate that enclave security requirements are met in Information Systems (ISs), in accordance with applicable Intelligence Community, DoD and Army cybersecurity and Information Assurance (IA) regulations, policies and organizational security policies. ISs include Cross Domain Solution Suites (CDSS), cloud, on-prem, tactical, etc., within the program’s portfolio.
  • This role requires being onsite five days a week during the initial training period of approximately two months. Telework is then allowed one day per week.
  • Prepare and maintain Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using eMASS, Xacta or another approved A&A tool, to include System Security Plans, Risk Assessment Reports, Security Controls Traceability Matrices (SCTM), and other documentation as required by ICD 503, NIST SP 800-53, CNSSI 1254 and any additional documentation as determined by the Authorizing Official (AO).
  • Ensure that stakeholders adhere to Federal Information Assurance policies and procedures to acquire and maintain an Information System’s Authority to Operate (ATO) under the Federal Information Security Management Act (FISMA) of 2002.
  • Lead RMF A&A efforts, including activities within the A&A cycle and outside of the ISSO functions; work directly with the ISSM, ISO, and AO; work with engineering and operations support staff to secure systems and ensure compliance; and provide oversight for existing and new POA&Ms.
  • Provide POA&M support by advising the CISO/AO of changes and assisting in the coordination of efforts to remediate deficiencies and vulnerabilities.
  • Perform continuous monitoring (ConMon) reviews for daily, weekly, monthly and quarterly checks.
  • Assist with incident response (IR) activities by verifying that sanitization procedures are followed prior to submitting the CART case to the CISO for closure.
  • Work with the Security Tools Team to identify Critical/High vulnerabilities for remediation and report network security posture at the weekly CISO/AO meeting.

Skills and Experience:

  • Experience with DoDI 8510.01 and 8500.01; NIST SP 800-37, 800-137, 800-53 Rev. 4/5, 800-39, 800-171 and 800-171A for self-assessments; NIST SP 800-100 and NIST SP 800-18.
  • Familiar with creating Assessment and Authorization (A&A) packages in eMASS and/or Xacta and applying security categorization per FIPS 199 and NIST SP 800-60.
  • Experience in performing and assessing security and privacy controls per NIST SP 800-53 Rev. 4/5 and NIST SP 800-53A guidelines.
  • Experience with systems engineering design and development toward a “baked in” security design using Information Assurance best practices.
  • Understanding of the FedRAMP process, coordinating with 3PAOs, and migrating on-prem systems to an accredited cloud-based solution (e.g. AWS GovCloud, Azure).
  • Understanding of vulnerability and scanning tools such as Assured Compliance Assessment Solution (ACAS), and well versed in interpreting the risk posture resulting from assessment reports.
  • Knowledge of vulnerability management, risk management and project management; proficient with Microsoft products: Word, Excel, PowerPoint.
  • Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
  • Experience with Tenable’s Nessus and/or Security Center, or Nmap (Network Mapper), is a plus.
  • Risk assessment experience, especially with NIST SP 800-53: threat identification, system security categorization, gap analysis, and compliance reporting.
  • Must be able to validate security patches as they align to NIST guidelines, client policies and procedures, and OMB mandates.
  • Experience with creating or maintaining security artifacts as part of the ATO package, including but not limited to: System Security Plan (SSP), Contingency Plan (CP), Disaster Recovery Plan (DRP), Plan of Action and Milestones (POA&M), Incident Response (IR) Plan, and other security documentation.

Qualifications:

  • Bachelor’s degree; may be substituted with an Associate’s degree plus 5 years of relevant experience, or with 10 years of relevant experience.
  • DoD Top Secret clearance is required.
  • IAT Level II certification minimum.

ADDITIONAL INFORMATION

  • This job description is not designed to cover or contain all job duties required of the employee. There may be additional activities, duties and/or responsibilities that are required for this position that are not listed in this job description.
  • In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
  • System High is a Military friendly employer. Our extensive work on behalf of the U.S. government offers those who have served in uniform an opportunity to continue to serve their country in a new and exciting way while enjoying a successful civilian career.
  • System High values the power and strength of diverse backgrounds on the culture and performance of our company. We strive to maintain an inclusive culture to encourage each employee to bring their whole self to the mission.
  • System High Corporation is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law.
  • Equal opportunity legal notices can be viewed on the following PDFs: EEO is the Law; EEO is the Law Supplement; Pay Transparency Nondiscrimination
  • Warning: Beware of recruitment scams. System High will never request money or personal purchases during the hiring process. Verify that all communications come from a systemhigh.com or msg.paycomonline.com email address.

REQUIREMENT SUMMARY

Experience: 10.0 to 15.0 year(s)
Category: Information Technology/IT
Role: IT Software - Network Administration / Security
Education: Graduate
Location: Arlington, VA 22203, USA