The ISSO conducts research and develops, implements, tests, and reviews applications and information systems in accordance with NIST RMF requirements in order to protect information and prevent unauthorized access. In this role, the officer may explain potential threats, implement security measures, and monitor applications and systems in order to meet or exceed all NIST RMF requirements.
Essential Job Functions
- Assesses assigned system to determine system security status.
- Recommends security policies and procedures to implement; ensures compliance to policies and procedures.
- Defines and reviews security requirements and subsequently reviews complex systems to determine if they have been designed and established to comply with established standards.
- Leads investigations of security violations and breaches and recommends solutions; prepares reports on intrusions as necessary and provides analysis summary to management.
- Actively participate in continuous monitoring FISMA assessments and annual Privileged Access audits.
- Analyze vulnerability scans to determine the risk to the system and what needs to be done to mitigate or remediate the vulnerabilities.
- Create and maintain POA&M documentation and update appropriate databases.
- Promote information security awareness.
- Report, respond to, and document system and security incidents.
- Review and respond to Security Advisory Alerts and Bulletins on vulnerabilities and prepare necessary reports.
- Advise System Owner of risks to system and obtain assistance from the Government Information System Security Manager (ISSM), if necessary, in assessing risk.
- Ensure the system is operated, used, maintained, and disposed of in accordance with NIST and GSA security policies and procedures.
Provides support to plan, coordinate, and implement the organization’s information security. Provides support for facilitating and helping agencies identify their current security infrastructure and define future programs, design and implementation of security related to IT systems. Oversees the efforts of security staff to design, develop, engineer and implement solutions to security requirements. Responsible for the implementation and development of DHS IT security. Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs in the MLS arena. Performs risk analyses, which also include risk assessment. A working knowledge of several of the following areas is required: understanding of business security practices and procedures; knowledge of current security tools available; hardware/software security implementation; different communication protocols; encryption techniques/tools; familiarity with commercial products; and current Internet/EC technology. Ability to serve as Information System Security Officer. Provides daily supervision and direction to staff.
AS or Higher and/or 5-15 years of experience
· Seven or more years of experience in computer science, management information systems, or data security experience
· Three or more years performing ISSO duties
· Experience working with information security practices, networks, software, and hardware
· Experience working with operating systems
· Experience working with computer desktop packages such as Microsoft Word, Excel, etc.
· Experience working with security architecture
· Strong analytical and problem solving skills for resolving security issues
· Good organization skills to balance work
· Good interpersonal skills to interact with customers and team members
· Ability to work in a team environment.
· Prefer candidates who possess acute knowledge and practical experience of NIST Risk Management Framework
Please send your resume in Microsoft Word format to: