logo

View all jobs

ISSO (Active TS/SCI Required)

Springfield, VA · Information Technology
NorthHill Technology Resources has an opportunity for an ISSO with TS/SCI Clearance for a role in Springfield, VA.  This is a direct-hire role with our client, a fast-growing Federal Integrator. Excellent compensation, outstanding benefits and leadership team.

Information System Security Officer (ISSO)
TS/SCI Cleared (Will be processed for CI Polygraph)
  • Develop and coordinate all authorization documentation associated including the Systems Categorization, Systems Security Plan, and Systems risk assessment
  • Support the control assessment, reporting and monitoring processes using the Cyber Security and Assessment Management (CSAM) system
  • Assist the component with staying on track with Core Controls and A-123 control assessment schedules
  • Work with components to ensure each Risk Based Decisions (RBD's) has a current Waivers.
  • Coordinate with CSS Customer Liaison support, including status of the process and POA&Ms.
  • Support and document security controls tests, assist in remediation and ensure that POA&Ms are being appropriately managed.
  • Develop or update the Business Continuity and Contingency Plan for the component.
  • Assist the components with decisions that affect security of their systems and networks.
  • Facilitate preparations for the tri-annual Security Assessment and Authorization (SA&A) component's Information System.
  • Conduct assessments of information systems security requirements, evaluate current security posture and recommend priorities for remediation.
  • Review information system infrastructure and application architecture to assess security requirements
  • Review existing SA&A documentation, Security Assessment Report and security infrastructure (i.e. IDS, firewalls, vulnerability scan tools, etc.)
  • Assess NIST 800-53, Rev 4. Control and document results
  • Evaluate and strengthen standard SA&A Documentation
  • Perform and document risk assessments, analyzing security vulnerabilities, and the metrics to measure the risks associated with those vulnerabilities.
  • Based on the risk profile of the analyzed systems, development and documentation of a Plan of Action and Milestones (POA&M) for mitigating those risks.
  • Design and development of comprehensive Systems Security Plan, covering at a high level the infrastructure, policies and procedures which define the systems security profile for the analyzed systems.
  • Development of Systems Security Users Guides specific to selected networks, desktop computers, servers and data base systems; Design, development, and validation of System Test and Evaluation (ST&E) reviews for new and/or legacy systems.
  • Review and conduct NIST-based Self Assessments, identifying any weaknesses which need to be addressed, and developing a POA&M for each of those weaknesses based on industry best practices.
  • Design and development of Initial Privacy Assessment (IPA) and Privacy Impact Assessments (PIAs) for each major Federal Government IT Systems Developing and conducting System Test and Evaluations (ST&Es) and Independent Verification and Validation (IV&Vs) of the security profiles of Federal Government IT Systems
  • Conduct OMB A-123 security assessments of Federal Government IT Systems.

Required Skills
  • Bachelor's Degree in Computer Science or related technical discipline, or the equivalent combination of education, technical certifications or training, and work experience
  • 8+ years' experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful certification and accreditation or security authorization of such systems.
  • 8+ years' experience assessing and enhancing IT systems security policies and procedures in response to the regulatory requirements associated with Federal and International standards.
  • 8+ years IT Security experience with extensive knowledge in security regulations and security assessments having developed numerous security C&A (or SA&A) and ATO on a range of systems including classified systems
  • Strong working knowledge with NIST Special Publications and the NIST SP 800-37 SA using CSAM system
  • TS/SCI clearance required and eligibility to obtain/maintain a CI Poly

Current certification in one or more of the following IT Security disciplines:
  • ISACA - Certified Information Systems Auditor (CISA)
  • ISACA - Certified in Risk and Information Systems Control (CRISC)
  • ISACA - Certified Information Security Manager (CISM)
  • ISACA - Certified in Governance of Enterprise IT(CGEIT)
  • (ISC)2 - Certified Information Systems Security Professional (CISSP)
  • (ISC)2 - Certified Authorization Professional (CAP)​

 

Share This Job

Powered by