Information Systems Security Officer - (ISSO)
Company: Zermount, Inc.
Posted on: April 10, 2021
The Information Systems Security Officer (ISSO) will provide
Security Assessment and Authorization (SA&A) support to the
client and their IT systems within the client's inventory. These
systems are a combination of General Support Systems, Major
Applications, Minor Applications and Subsystems at various impact
levels. The ISSO will be responsible for developing and providing
risk and vulnerability assessments, Security Control Assessments
(SCA), SA&A documentation and various reports, based on NIST
guidelines and the client's policies, procedures and requests.
- Developing a detailed project schedule, including SA&A/SCA
tasks and milestones, task dependencies, and personnel
- Conduct SA&A activities and tasks and obtain Authorization
to Operate (ATO) in line with NIST and client guidance and
- Determining the baseline IT Security requirements for IT
Systems, identifying system boundaries, determining information
categories, assisting with FIPS-199.
- Ensure that IT Systems are operated, used, maintained, and
disposed of in accordance with internal security policies and
- Enforce security policies and safeguards on all personnel
having access to the IT System for which the ISSO has
- Ensure users and system support personnel have the required
authorization and need-to-know; have been indoctrinated; and are
familiar with internal security practices before access to the IT
- Review and generate SA&A and system documentation as
- Selecting baseline controls for the IT System using RSA Archer
and tailor security controls as appropriate.
- Implement security controls based on IT System FIPS
- Documenting security control implementation in the system's
Security Plan using the Library's Information Assurance (IA) tool
- Conduct SCA for IT systems, when required.
- Document system's risk assessment per client directives and
- Develop and document all required artifacts for the SA&A
- Conduct Contingency Plan Test (CPT) for systems.
- Review and monitor system security and audit logs.
- Develop and maintain Plan of Actions and Milestones
(POA&Ms) for IT systems.
- Update SA&A documentation and artifacts on a regular basis
(e.g. annually, after approved change).
Required Skill and Experience:
- A minimum of five (5) years of demonstrated experience in the
Information Security (Cybersecurity or Information Assurance)
- Demonstrates a proficiency with developing, maintaining and
managing SA&A packages.
- Experience with developing and managing POA&Ms.
- Displays technical experience with conducting research and
providing review recommendations on software and technologies for
- Technical experience with reviewing vulnerability scans and
providing mitigation techniques.
- Possess expertise in conducting SCAs.
- Experienced writing security related policies and
- Possess experience conducting CPTs.
- Experience with conducting audit log reviews.
- Experience with NIST Special Publications and guidance.
- Strong problem solving and analysis skills, self-motivated, and
able to work and communicate in a team environment.
- Excellent communication (written and verbal) skills
- Bachelor's degree or higher in computer science, Information
Technology, Information Security, or similar fields.
- A minimum of at least one (1) certification must be active
relating to information security such as:
- Certified Information Systems Security Professional
- GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC,
- CompTIA Security+
- Minimum of an Active Secret Clearance (Top Secret
Work Location and Core Hours:
- Washington DC - 7:00 am - 5:00 pm