2 days per week on-site in Washington, DC

Able to obtain Public Trust Clearance

H1/Greencard/Citizenship holders are acceptable

Salary Range: $145,000

Job Description:

We are looking for an experienced Information System Security and Privacy Officer (ISSPO) to join our team supporting an important US government agency in the National Capital Region. This is an exciting opportunity to work with a team responsible for IT Security Governance, Risk and Compliance by providing direct support to Agencies Information System Security and Privacy Officer (ISSPO) in managing and documenting the ongoing security posture of the agency.  The ISSPO will support the Program Manager and work collaboratively with other Information Systems Security Analysts, IT SMEs and System Administrators to conduct analysis, mitigation, remediation, and monitoring to ensure compliance with agency policies and procedures. The ISSPO will lead, and guide efforts associated with obtaining and maintaining RMF Authorities to Operate (ATO) for systems within the customer’s multi-faceted network infrastructure, spanning multiple platforms residing on multiple security enclaves. Specifically, this job will consist of the following:

•  Provide Risk Management Framework (RMF) and Authorization and Accreditation (A&A) activities such as developing and maintaining systems Authority to Operate (ATO) package documentation.
• Establish procedures & processes to ensure tracking and mitigation of risks identified during the ATO process.
• Provide data categorization guidance to system owners.
• Develop and update Interconnection Security Agreement documentation as needed.
• Support customer responses to ongoing information system audits.
• Develop and update System Security Plans (SSPs) and supporting documentation.
• Assisting with tailoring of security control baselines for general support system and other FISMA reportable systems, including cloud systems utilizing FedRamp controls.
• Collecting and validating control implementation statements from subject matter experts.
• Oversee development of security and privacy control implementation statements per NIST SP 800-53 and agency security policy standards.
• Assist with the migration to NIST SP 800-53 Rev 5, identifying gaps and providing understanding of new requirements to technical teams for implementation.
• Conduct security reviews for changes impacting hardware, software, baselines, connections, or applications.
• Review and assess POA&M outputs, recommending additional work or closure.
• Support the continuous monitoring program as necessary when Information System Continuous Monitoring (ISCM) results will be used to support continuing authorization requirements or ongoing authorizations.
• Document and communicate control deficiencies for POA&M consideration. 
• Assist in developing security policies, ensuring compliance, and updating documentation.
• Provide information for status reports, briefings, schedules, and project plans in written and oral form.

This role requires on site work in Washington, D.C. 2 days per week.

Qualifications

EDUCATION & EXPERIENCE:

•  Undergraduate degree with eleven years of experience or Graduate degree with nine years of experience in IT Infrastructure, IT Security, and/or Governance, Risk and Compliance (GRC).
• One or more current Security certifications (CISSP, CISM, Security+).

REQUIRED SKILLS:

•  Expert knowledge of RMF accreditation packages and all steps of the RMF process.
• Experience in Security, Privacy Assessment and Authorization (SPA&A) activities and ATO package creation.
• Experience working with RMF and NIST SP 800-53 (Rev 4/5)
• Knowledge of cyber-attack patterns, tactics, techniques, and procedures.
• Ability to adapt security processes/tools to evolving landscapes and risk scenarios.
• Familiarity with IT Audits using FISCAM processes and procedures.
• Experience with NIST Risk Management and Cybersecurity Framework, FISMA, NIST SP 800-53, and IT control processes.
• Experience with GRC frameworks/tools (RSAM, CSAM) and SA&A tools (Xacta).
• Very strong technical understanding of Windows and Linux platforms.
• Experience taking IT and network system(s) through the ATO process.
• Ability to tailor information security processes and tools, based on ever evolving and changing landscapes, doctrine, and risk scenarios.
• Comprehensive knowledge performing and identifying impacts as well as consideration of existing risk mitigation strategies.
• Experience with auditing control implementations and communicating risks associated with control deficiencies or gaps.
• Experience with SharePoint lists and workflows, and general project management tools.
•  Ability to work effectively independently as well as within a team environment.
• Fluency in both spoken and written English, including the ability to work with highly technical and specialized content. Must be able both prepare and deliver such content, verbally and in writing, but also comprehend such content from others, in both spoken and written form.
• Ability to work in a fast-paced environment while maintaining outstanding customer service skills.
• Must be flexible with work schedule during surge periods of support.
• Ability to document processes as needed.
• Proficiency in explaining complex policies and protocols in simple terms.
• Stays updated on IT trends and security standards.
• Demonstrates excellent analytical thinking and problem-solving skills to be able to assess potential risks and develop possible solutions.

 Candidates for consideration must be eligible to obtain and maintain a Public Trust clearance.

 DESIRED SKILLS:  A solid understanding of IT security controls, tools, and concepts. Experience working in a technical environment with IT platforms such as Microsoft Office 365, Azure, Cisco, Oracle, etc. is also desired.