Cross Functional Information System Security Officer (ISSO) SME / IT SME

POST DATE 9/6/2019
END DATE 11/5/2019

Solutions By Design II, LLC Washington, DC

Location: Washington, DC
AJE Ref #: 584775751
Job Classification: Full Time
Job Type: Regular
Company Ref #: DC0000546681
Experience: Mid-Career (2 - 15 years)

JOB DESCRIPTION

CROSS FUNCTIONAL INFORMATION SYSTEM SECURITY OFFICER (ISSO) SME / IT SME

Washington, DC
The Cross Functional Information System Security Officer (ISSO) SME / IT SME supports all Risk Management Framework (RMF) activities, including the process for managing security and privacy risk: information system categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. This person also supports the security activities associated with evaluating, implementing, and managing security practices and the continued operations of new and existing technologies across the Enterprise. This person will provide oversight into all IASS responsibilities as required and will support both Sensitive but Unclassified (SBU) and For Official Use Only (FOUO) systems. The Contractor shall perform all duties and responsibilities in accordance with DHS 4300A, DHS ISSO Guide, and other applicable guidance.

The Cross Functional ISSO SME / IT SME shall be responsible for the following:

* Risk Management Framework (RMF) Activities: Support all activities as outlined in the NIST SP 800-37, Risk Management Framework for Information Systems and Organizations. This includes the process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.

* Security Authorization Documentation: Initial development and, at least, annual reviews/updates of the FIPS 199, e-Authentication, Privacy Threshold Analysis (PTA)/Privacy Impact Analysis (PIA), Security Plan (SP), Contingency Plan (CP), Contingency Plan Test (CPT), Interconnection Security Agreements (ISAs), Memoranda of Agreement/Understanding (MOA/Us), and any other FISMA-related security documentation.

* Security Control Assessment Response: Support all assessment activities by responding to interview questions as well as working with the system teams to gather appropriate evidence as directed by the SCA team.

* Change Management: Review all change requests for potential impact to the system security posture.

* Continuous Monitoring: Conduct audit log and account management reviews, and update the Control Allocation Table and Trigger Accountability Log.

* Configuration/Patch/Vulnerability Management: Review scan results for the system assets, identify the respective remediations for misconfigurations and weaknesses, and work with the system team to ensure timely implementation of fixes.

* Incident Response: Work with the Security Operations Center (SOC) and system teams to investigate and analyze any incidents affecting assigned system(s).

* Have the ability to apply a comprehensive knowledge across key tasks and high impact assignments

* Evaluate performance results and recommend major changes affecting short-term project growth and success

* Function as a technical expert across multiple project assignments

* Work on high-priority ad hoc requests such as data calls, Senior Management Initiatives (CIO, CISO, etc.), customer mandates, etc.

* Have a deep understanding of Security Regulations, such as the NIST Publications and OMB Security related documents

* Prepare documentation and materials to support the operations of FedRAMP compliance requirements throughout the organization

* Develop briefings and presentations for Government PM and Executive Management

* Ability to adapt to an agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government

* Support all Security Authorization Processes, Security Control Assessments and Ongoing Authorization activities as required and as directed by the Federal Government

* Ensure systems are properly patched and hardened according to DHS requirements.