Description
Description
Job Description:
We are seeking an experienced Information System Security Officer (ISSO) with expertise in Department of Defense (DOD) compliance standards and a strong familiarity with NIST (National Institute of Standards and Technology) RMF (Risk Management Framework) and the Authority to Operate (ATO) process. In this role, you will be responsible for ensuring the security and compliance of information systems within a DoD environment.
Key Responsibilities:
DoD Compliance: Coordinate and execute efforts to ensure that information systems, processes, and organization policy comply with Department of Defense (DOD) cybersecurity and regulatory requirements and standards. This includes DoD 5400 Series, NIST SP 800-53, NIST SP 800-37, NIST SP 800-60, and FIPS 140-2, with some level of awareness regarding Trade Agreement Act (TAA) and Clinger Cohen Act (CCA) compliance.
ATO: Assist in the management of the Authorization to Operate (ATO). Collaborate with relevant stakeholders to ensure timely and successful processing of eMASS (Enterprise Mission Support Service) workflows. This includes preparing and submitting artifacts, conducting security assessments, and liaising with the Authorizing Official (AO) SCA (Security Control Assessor) Team.
Security Assessments: Perform risk and vulnerability assessments on information systems and software to identify weaknesses. Utilize ACAS (Assured Compliance Assessment Solution) and/or Tenable, Inc. products to provide mitigation and/or remediation guidance to applicable stakeholders.
Security Documentation: Coordinate and collaborate with DCWF (Defense Cyber Workforce) personnel to develop, update, and continuously monitor security documentation, including but not limited to System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), security control implementation plans, and assessment procedure test results.
Security Awareness: Promote a culture of cybersecurity awareness by educating staff and stakeholders about emerging cybersecurity policies and best practices. Adhere to DoD 8140 guidelines to ensure cybersecurity training and awareness programs remain active and all DCWF personnel remain on their compliance roadmap.
Incident Response: Contribute to the creation, implementation, continuous monitoring, and annual testing of the Incident Response Plan (IRP). Participate in incident response activities as necessary.
Continuous Monitoring: Collaborate in maintaining the continuous monitoring strategy; assist in the observation and analysis of detected threats and/or compliance violations.
Collaboration: Collaborate with cross-functional teams, including IT, engineering, software development, and AI/data collection teams to ensure security requirements are integrated into system designs and processes
Qualifications
Qualifications:
5 Years and Bachelor's or relevant years of experience in lieu of degree.
Intermediate or Advanced 8140 Certificates one or more of the following: Intermediate: Sec+, SSCP, GSEC, CGRC/CAP, CCSP, CCISO, CASP+ Advanced: CISM, CISSO, CISSP, CISSP-ISSMP, GCIA, GCIH, GCSA, GICSP, GSLC
Minimum of 3 years of experience as an ISSO or in a similar role.
In-depth knowledge of DOD compliance standards, including NIST, RMF, and DODI 8500 Series.
Proven experience in executing ATO processes and achieving ATO approvals.
Familiarity with cybersecurity tools such as eMASS, SCAP, STIGs, MDE, MDfS, MS Sentinel and ACAS.
Strong analytical and problem-solving skills.
Excellent written and verbal communication skills.
Apply on company website
Find Connections via Linkedin
