Information Systems Security Officer

I am currently helping a client of ours hire a Information Systems Security Officer (ISSO) to join their team, this a hybrid position you can be based in one of their many offices across the US.

Key Duties & Responsibilities
* Revise the procedures for handling changes within the organization.
* Carry out activities such as system categorization, selection of security controls, implementation of controls, assessment of security, and ongoing monitoring activties NIST SP 800-37 Rev 2.
* Create Authorization to Operate (ATO) packages using the Risk Management Framework (RMF) and establish and update Authorization and Accreditation (A&A) documentation such as Security Plan (SSP), Security Assessment Report (SAR), Risk Assessment Report (RAR), Security Control Traceability Matrix (SCTM), among others.
* Assist with Information Assurance (IA) by aiding in the development, implementation, and evaluation of information systems.
* Offer guidance to stakeholders, management, and customers regarding Information Assurance (IA) topics.
* Perform an initial evaluation of stakeholder assets' risks and continually update the risk assessment.
* Choose security and privacy controls for a system and record a functional description of the intended control implementations in a security/privacy plan.
* Create a plan for monitoring the efficiency of security and privacy controls, and synchronize the system-level strategy with the monitoring strategy of the organization and the mission/business processes.
* Create, evaluate, and authorize a strategy for evaluating security and privacy controls of a system and the organization.
* Record modifications to the intended implementation of security and privacy controls and establish a configuration baseline for a system.
* Generate, monitor, revise, and execute remedial actions for Plan of Action and Milestones (POA&M) items.
* React to the system's risk posture by considering the findings from continuous monitoring activities, risk evaluation, and unresolved items in the Plan of Action and Milestones (POA&M).
* Develop a Plan of Action and Milestones (POA&M) based on the discoveries and advice given in a security assessment report, exclusive of any remedial actions taken.
* Revise a security plan, security assessment report, and Plan of Action and Milestones (POA&M) based on the outcomes of an ongoing monitoring process.
* Assess the security and privacy status of a system, including the efficiency of security and privacy controls, periodically to determine if the risk level is still acceptable.
* Verify that security enhancement measures are assessed, confirmed, and implemented as needed.
* Guarantee that remediation plans or Plans of Action and Milestones (POA&M) are established for vulnerabilities uncovered during risk assessments, audits, inspections, and other similar activities.

Qualifications & Experience
* Must have at least one of the following certs: Sec+, CAP (IAM I 8570 Role)
* Minimum of three years of experience conducting activities related to the Risk Management Framework (RMF).
* Experience in accrediting systems within a cloud-based environment.
* Skill in creating policies that reflect system security and privacy objectives.
* Proficiency in implementing principles of confidentiality, integrity, and availability.
* Skill in assessing security and privacy controls based on cybersecurity and privacy-related principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
* Ability to apply cybersecurity and privacy principles to meet organizational needs (pertaining to confidentiality, integrity, availability, authentication, and non-repudiation).
* Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect the security and privacy of the system.

Benefits
* 100% medical, dental and vision insurance, plus dependents
* Paid parental leave
* Pet insurance
* Life insurance
* Commuter benefits
* 401(k)

Darwin Recruitment is acting as an Employment Agency in relation to this vacancy.