Information System Security Officer (ISSO)

Job Type: Full Time

Job Description - Information System Security Officer (ISSO)

Do you have a passion for cybersecurity and a keen eye for detail? Are you an expert in
NIST standards and federal security regulations? Then ResolveSoft is looking for you!

Responsibilities:
Security Risk Management: Analyze security findings, gaps, and vulnerabilities to assess risk (impact and likelihood) and recommend effective mitigation strategies.
Data and Database Security: Monitor and maintain data and database environments, including backups, redundancies, and their relation to the overall ACL data lake.
FISMA Compliance Reporting: Lead FISMA data collection and reporting efforts, support system security and Security Authorization (SA) activities, and contribute to policy development and maintenance.
Cybersecurity Program Champion: Conduct a formal gap analysis of the ACL cybersecurity program against NIST SP 800-53 (including updates), plan and deliver training, and develop communication strategies to raise security awareness.
Security Reporting Support: Generate reports to support federally mandated security initiatives, manage routine reports like FISMA and BODs, and provide technical support for security-related needs.
Security Communications: Relay security information through educational materials, awareness campaigns, and emergency notices. Facilitate communication regarding data security, privacy, policy violations, and incidents.
Federal Security Expertise: Provide technical expertise on NIST standards, federal regulations, directives, and security best practices. This includes all aspects of the system security lifecycle, from A&A documentation to ongoing operational security support.
Security Package Management: Create, review, manage, report, and upload security assessment and authorization packages (SAAP) and privacy impact assessments (PIA) as required.
Plan of Action and Milestones (POAM): Establish, manage, and track POAMs for all ACL information systems.
Security Documentation: Coordinate with system owners and contractors to develop, update, and maintain security documentation for assessment and accreditation activities, ensuring ATOs are current.
Security Documentation Templates: Create and maintain templates to streamline and enhance security documentation practices.
Software Lifecycle Management: Generate quarterly reports identifying obsolete or end-of-life software components within ACL systems.
FISMA Compliance Management: Ensure all ACL systems comply with FISMA 2014, OMB A-130, FIPS-199, NIST SP 800-53 (and updates), and annual requirements like security control assessments and contingency plan testing.
Contractor Security Management: Collaborate with system owners to ensure contractor-owned and operated systems adhere to updated FISMA, HHS, and ACL security requirements.
Security Assessments: Conduct independent security assessments to evaluate the effectiveness of security controls for supported systems.
Vulnerability Management: Coordinate and conduct web application vulnerability assessments on ACL systems. Analyze results and provide industry-standard recommendations in vulnerability scan reports. Track vulnerability status through monthly reports.
Qualifications:
Minimum of 8 years of experience in information security.
Bachelor's degree (BA/BS) in a relevant field (e.g., Computer Science, Information Technology, Cybersecurity).
CISSP certification or equivalent experience demonstrably detailed in your resume.
Strong understanding of NIST security standards, federal information security regulations, and best practices.
Proven experience in security risk management, vulnerability assessments, and security controls implementation.
Excellent analytical and problem-solving skills.
Strong communication and interpersonal skills to collaborate effectively with diverse stakeholders.
Ability to manage multiple priorities and meet deadlines consistently.
Meticulous attention to detail and a commitment to accuracy.
We offer a competitive salary and benefits package, along with the opportunity to play a pivotal role in protecting the security and privacy of sensitive data at the ACL. If you are a passionate cybersecurity professional who thrives in a dynamic environment, we encourage you to apply!

Company Description

ResolveSoft is an 8(a) certified WOSB that specializes in Digital Transformation and IT Modernization
Original job Information System Security Officer (ISSO) posted on GrabJobs.

Location: Washington, District of Columbia
Copyright © 2024 Grabjobs Pte.Ltd. All Rights Reserved.