Information Systems Security Officer
Information Systems Security Officer.
Information Systems Security Officer
$90000 - $120000 per annum|
I am currently helping a client of ours hire a Information Systems Security Officer (ISSO) to join their team, this a hybrid position you can be based in one of their many offices across the US.
Key Duties & Responsibilities
* Revise the procedures for handling changes within the organization.
* Carry out activities such as system categorization, selection of security controls, implementation of controls, assessment of security, and ongoing monitoring activties NIST SP 800-37 Rev 2.
* Create Authorization to Operate (ATO) packages using the Risk Management Framework (RMF) and establish and update Authorization and Accreditation (A&A) documentation such as Security Plan (SSP), Security Assessment Report (SAR), Risk Assessment Report (RAR), Security Control Traceability Matrix (SCTM), among others.
* Assist with Information Assurance (IA) by aiding in the development, implementation, and evaluation of information systems.
* Offer guidance to stakeholders, management, and customers regarding Information Assurance (IA) topics.
* Perform an initial evaluation of stakeholder assets' risks and continually update the risk assessment.
* Choose security and privacy controls for a system and record a functional description of the intended control implementations in a security/privacy plan.
* Create a plan for monitoring the efficiency of security and privacy controls, and synchronize the system-level strategy with the monitoring strategy of the organization and the mission/business processes.
* Create, evaluate, and authorize a strategy for evaluating security and privacy controls of a system and the organization.
* Record modifications to the intended implementation of security and privacy controls and establish a configuration baseline for a system.
* Generate, monitor, revise, and execute remedial actions for Plan of Action and Milestones (POA&M) items.
* React to the system's risk posture by considering the findings from continuous monitoring activities, risk evaluation, and unresolved items in the Plan of Action and Milestones (POA&M).
* Develop a Plan of Action and Milestones (POA&M) based on the discoveries and advice given in a security assessment report, exclusive of any remedial actions taken.
* Revise a security plan, security assessment report, and Plan of Action and Milestones (POA&M) based on the outcomes of an ongoing monitoring process.
* Assess the security and privacy status of a system, including the efficiency of security and privacy controls, periodically to determine if the risk level is still acceptable.
* Verify that security enhancement measures are assessed, confirmed, and implemented as needed.
* Guarantee that remediation plans or Plans of Action and Milestones (POA&M) are established for vulnerabilities uncovered during risk assessments, audits, inspections, and other similar activities.
Qualifications & Experience
* Must have at least one of the following certs: Sec+, CAP (IAM I 8570 Role)
* Minimum of three years of experience conducting activities related to the Risk Management Framework (RMF).
* Experience in accrediting systems within a cloud-based environment.
* Skill in creating policies that reflect system security and privacy objectives.
* Proficiency in implementing principles of confidentiality, integrity, and availability.
* Skill in assessing security and privacy controls based on cybersecurity and privacy-related principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
* Ability to apply cybersecurity and privacy principles to meet organizational needs (pertaining to confidentiality, integrity, availability, authentication, and non-repudiation).
* Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect the security and privacy of the system.
* 100% medical, dental and vision insurance, plus dependents
* Paid parental leave
* Pet insurance
* Life insurance
* Commuter benefits
Darwin Recruitment is acting as an Employment Agency in relation to this vacancy.Harry Pluck
SUBMIT YOUR CV
SIMILAR JOBS IN Engineering.
We're looking for a talented DevSecOps Engineer to work for our client. They want to recruit someone with demonstrable experience...
Cyber Security Manager
Your tasks will include conducting regular security audits and risk assessments, evaluating and recommending security tools and technologies, managing relationships...
I am working with global food company that is looking for Strong Security Engineer to come and join their team!...
USE OUR ONLINE PLATFORM TO ACCESS ALL THE INSIGHTS THAT YOU NEED...
• Salaries; split by technology and seniority level.
• Time to hire; how long it takes to secure and start a new role, or source and hire talent.
• The average tenure of professionals per tech specialism.
• Gender split per location and tech specialism.
• Fastest growing skills per tech specialism.