Information System Security Officer

Company: Agile Defense
Location: Washington, DC, USA
Salary: Not Provided
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Mid Level, Senior

Requirements

  • CISSP, CISA, CRISC, CISM, Security+, or other industry-level cyber certification required.
  • Bachelor’s Degree required (Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering).
  • 3+ years of experience in cybersecurity, with 2+ of those years in a GRC role or similar (Technology/IT Audit, Internal Audit, IT Consulting, etc.) supporting the assessment and authorization of systems, including continuous monitoring.

Responsibilities

  • Serve as the primary point of contact for System Owners and Federal ISSOs for assigned systems.
  • Support the agency’s risk management process by maintaining visibility and awareness of changes to the cyber threat landscape that impact the security posture of their assigned systems and ensure efforts to address security risk are executed efficiently and on schedule.
  • Interface broadly with internal branch customers as well as external branch stakeholders to support achievement of the program’s strategic goals and objectives and mature its A&A capabilities and services.
  • Work independently and as a member of a team to guide federal customers through the Risk Management Framework, focusing on A&A and continuous monitoring lifecycles.
  • Execute A&A and ongoing authorization activities and provide guidance and technical direction to SO and Federal ISSOs, as required. Serve as a primary interface on the status of packages for their assigned systems.
  • Collaborate with the Security Engineering and Architecture team members on risk assessments, impact assessments, vulnerability and compliance management and security change requests to ensure system compliance, up-to-date package information, and that all system changes are being executed within the configuration control lifecycle.
  • Support the GRC PM and GRC Lead in ensuring a coordinated and collaborative approach on whole-of-program efforts in support of RMF/CSF maturity.
  • Support the maintenance and upkeep of system packages using a GRC application (e.g., CSAM / eMASS / XACTA) and/or customer tool(s) to ensure auditability and report on the security posture of assigned systems.
  • Provide technical guidance and best practices to the team and customers to ensure that the agency achieves maximum value from its IT investments.

Preferred Qualifications

  • Experience with vulnerability scanning reports and findings from Nessus, Security Center, or Qualys
  • Experience with CSAM preferred
  • Be a customer-centric ambassador for anything A&A