View all jobs

SENIOR ISSO (Active Secret Required)

Washington, DC · Information Technology
NorthHill Technology Resources is seeking a Sr. ISSO with an active Secret Clearance or DHS EOD to support a newly-awarded DHS Project in Washington, DC.  

Responsibilities as an ISSO include, but not limited to:

• Support all Security Authorization Process, Security Control Assessment and Ongoing Authorization activities as directed by the Federal Government for assigned
• Ensure all FISMA security controls and requirements are met at inception and throughout system development
• Complete, maintain and/or support the completion and updates of all FISMA required documentation
• Develop and complete all activities and deliverables contained in the SELC and DHS Sensitive Systems Policy Directive 4300A and DHS AD 102.01.
• Conduct annual assessments and CP testing as required by DHS and ISD

• Coordinate and manage all OA activities for the system, including:
• Trigger Accountability Log (TRAL) • System Enrollment Form (SERF) • Review of monthly RMB brief and system associated slides • System Accounts Review Log • System Audit Log Review Log • Control Allocation Table (CAT)
• Ensure that risk analyses are completed to determine cost-effective and essential safeguards
• Provide input to appropriate IT security personnel for preparation of reports to higher authorities concerning information systems
• Ensure that weaknesses are identified, documented, addressed and remediated through the process of POA&Ms, Waivers
• Review, analyze and document scan results and ensure immediate remediation of critical and high vulnerabilities via Emergency CRs
• Provide code review and approval for any code developed for the system prior to deployment into production
• Ensure compliance with all legal requirements concerning the use of commercial proprietary software, such as respecting copyrights and obtaining site licenses
• Provide Security Incident Management and Security Architecture assistance, including but not limited to development and maintenance of technical and administrative processes, methods, procedures and solutions, as required
• Ensure changes do not detract from the current security configuration or state of the system/environment and ensure all changes should maintain or improve overall security
• Ensure maintenance of system components is implemented via the Change, Configuration, and Release Management (CCRM) processes and procedures
• Perform tasks to support DHS ICCB CR requirements for all Client's information systems, including review of DHS CR packages, ICCB CR forms, and CR test and backout plans as well as submit DHS ICCB security questionnaires and required security package for applicable CRs
• Support the development and documentation of contingency plans, disaster recovery (DR) plans, and Continuity of Operations (COOP) plans.
• Participate in COOP and failover testing for Client's systems and operations


• 8+ years of experience and Bachelors Degree
• 3+ years of specialized experience in one of the below positions: Information Systems Security Officer, Information Systems Security Engineer, Information Systems  Security Auditor or Information Systems Security Manager is required.
• Active Secret clearance
• Certifications: At least one active certification such as CASP, CISSP, CEH, CISM, or CISA is preferred
• Perform independent compliance reviews, tracking, and continuous monitoring of newly submitted security authorization packages
• Advise and assist with all stages of the NIST Risk Management Framework as applied to system security
• Develop and refine Systems Security Plans (SSPs)
• Perform continuous monitoring on systems that are already authorized including analyzing and developing plans in response to vulnerability scanning, source code scanning, audit log reviews, etc.
• Maintain up to date system documentation in the client's repository
• Work closely with developers to identify the appropriate security controls
• Work with certification agents to address results of their assessments and testing
• Proactively inform system owners and other stakeholders of any risks to their systems, or major upcoming milestones
• Keep abreast of security vulnerabilities and new threats for applicability to assigned systems; develop remediation plans as needed
• Manage corrective action plans for the system and track progress
• Brief authorization packages to senior agency officials during security authorization activities
• Problem solving skills and ability to work under pressure
• Strong Communication skills, verbal and written 


More Openings


Share This Job

Powered by