Vets Hired
Information System Security Officer (ISSO)
Vets Hired, Washington, District of Columbia, us, 20022
About the job Information System Security Officer (ISSO)
Responsibilities:
Conduct initial Security Assessment and obtain ATO, in line with NIST SP 800-37 Rev. 2 Maintain the Security Authorization or Authorization to Operate (ATO) of assigned system(s) Continuously update all Security Authorization documentation to maintain assigned systems ATO or system go live dates Select the baseline security controls for the IT system, using Archer, and tailor where appropriate Document all relevant NIST 800-53 Security Controls for assigned IT systems Perform and document initial and annual risk assessments of all systems Develop and document all supporting Security A&A artifacts (PIA, SP, ITCP, BIA, CMP, MOU, ISA) Assist in the development of the Security Assessment Plan (SAP) Develop Security Assessment Reports (SAR) Produce Security Authorization package for Authorizing Official (AO) signature including Authorization to Operate (ATO) Track the deployment of software to the environment that is not part of the base image Generate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for assigned IT Systems The Need-to-Have Skills & Qualifications:
Working knowledge and experience with CSAM and RMF DHS experience Experience working with system stakeholders to assess and manage system cybersecurity risk Knowledge of the process to obtain a system ATO and requirements to maintain the ATO Experience working with system stakeholders to assess and manage system cybersecurity risk Ability to synthesize complex IT system information and communicate system status and requirements in written products and verbal presentations Ability to write clear, concise and effective security control implementation statements Familiarity with configuration settings and vulnerability management analysis of infrastructure devices. Ability to draft a complete ATO package, to include the SSP. Ability to work independently and within given timelines.
Responsibilities:
Conduct initial Security Assessment and obtain ATO, in line with NIST SP 800-37 Rev. 2 Maintain the Security Authorization or Authorization to Operate (ATO) of assigned system(s) Continuously update all Security Authorization documentation to maintain assigned systems ATO or system go live dates Select the baseline security controls for the IT system, using Archer, and tailor where appropriate Document all relevant NIST 800-53 Security Controls for assigned IT systems Perform and document initial and annual risk assessments of all systems Develop and document all supporting Security A&A artifacts (PIA, SP, ITCP, BIA, CMP, MOU, ISA) Assist in the development of the Security Assessment Plan (SAP) Develop Security Assessment Reports (SAR) Produce Security Authorization package for Authorizing Official (AO) signature including Authorization to Operate (ATO) Track the deployment of software to the environment that is not part of the base image Generate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for assigned IT Systems The Need-to-Have Skills & Qualifications:
Working knowledge and experience with CSAM and RMF DHS experience Experience working with system stakeholders to assess and manage system cybersecurity risk Knowledge of the process to obtain a system ATO and requirements to maintain the ATO Experience working with system stakeholders to assess and manage system cybersecurity risk Ability to synthesize complex IT system information and communicate system status and requirements in written products and verbal presentations Ability to write clear, concise and effective security control implementation statements Familiarity with configuration settings and vulnerability management analysis of infrastructure devices. Ability to draft a complete ATO package, to include the SSP. Ability to work independently and within given timelines.