Senior Information Systems Security Officer (Onsite ONLY) with Security Clearance
Crest Security Assurance
2024-11-07 09:42:32
Smyrna, Georgia, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Position Overview:
The Senior ISSO plays a pivotal role in supporting the customer's cybersecurity programs through the implementation and management of Risk Management Framework (RMF) requirements with a focus on Zero Trust architecture. This position ensures that information systems are categorized, secured, and assessed in accordance with regulations, directives, and the principles of Zero Trust. The Senior Analyst is responsible for conducting in-depth security assessments, coordinating security controls, and ensuring compliance with DoD cybersecurity policies and standards, including adherence to DoD 8140 IAM III requirements.
The Senior ISSO will provide strategic support for system owners and stakeholders in designing, implementing, and sustaining a Zero Trust architecture that aligns with mission objectives, RMF guidelines, and Zero Trust principles. The ideal candidate will have strong analytical skills, an in-depth understanding of cybersecurity policies, and demonstrated experience in system categorization, continuous monitoring, and the risk management of complex information systems.
Responsibilities:
Lead Zero Trust RMF Compliance Implementation: Implement Zero Trust principles in Risk Management Framework activities, including system categorization, security control selection, and continuous monitoring.
System Categorization: Conduct system categorization activities for DoD information systems in accordance with Zero Trust RMF guidelines. Work closely with system owners to understand the data flows, roles, and interactions that impact risk posture.
Security Control Assessment and Documentation: Evaluate security controls and develop System Security Plans (SSPs) and other RMF artifacts. Document system security postures and ensure that appropriate controls are in place to maintain confidentiality, integrity, and availability.
Continuous Monitoring and Reporting: Implement continuous monitoring strategies using Zero Trust principles to identify and mitigate risks in real time. Establish feedback mechanisms to dynamically adjust system categorization and security controls based on emerging threats.
Vulnerability Management: Ensure that systems are continuously assessed for vulnerabilities, particularly in the context of Zero Trust, which assumes adversaries may already be within the network. Coordinate remediation efforts in line with DoD and organizational policies.
Zero Trust Architecture Support: Collaborate with system architects, network engineers, and cybersecurity professionals to develop and integrate Zero Trust architecture across DoD information systems. Recommend security enhancements and ensure that security measures are continually adapted to evolving threats.
Stakeholder Engagement: Engage with DoD stakeholders, system owners, and leadership to provide briefings, reports, and strategic recommendations on RMF and Zero Trust implementation efforts. Facilitate discussions around cybersecurity strategies, risk acceptance, and security controls.
Policy and Compliance Oversight: Ensure compliance with all DoD cybersecurity policies, including DoD 8140/8570. Monitor changes in DoD cybersecurity regulations and adjust organizational policies and practices accordingly.
Incident Response and Remediation: Support incident response teams in managing and mitigating security incidents, ensuring that all vulnerabilities are properly remediated in accordance with Zero Trust principles.
Security Assessments and Audits: Conduct internal security audits and prepare systems for external security assessments. Validate compliance with RMF requirements through risk assessments, security control validation, and security testing.
Minimum Qualifications:
Experience: 7+ years of experience in cybersecurity roles, including hands-on experience with RMF processes.
Demonstrated experience reviewing Zero Trust architecture within DoD or federal environments for compliance against NIST 800-207.
Experience developing RMF documentation (e.g., SSPs, POA&Ms, PTA/PIA, FIPS 199, risk assessments) in accordance with NIST 800-37 and 800-53 guidance.
Expertise in continuous monitoring, vulnerability management, and incident response within the Zero Trust framework.
Education:
Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience).
Master's degree is preferred but not required.
Certifications:
Must meet DoD 8140/8570 IAM Level III requirements, which include one or more of the following certifications:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Chief Information Security Officer (CCISO)
GIAC Security Leadership (GSLC)
Clearance:
Active DoD Secret clearance is required.