Looking For Information System Security Officer Hybrid Multiple Location at Remote, Remote, USA
From: Akash Kumar, Sonitalent LLC [email protected]
Reply to: [email protected]

Hi,

Hope you are doing well. We are looking for an Information System Security Officer. Please let me know if you are looking for this role and send me your updated resume also.

Job Title: Information System Security Officer
Job Location: Washington, DC, 20003
Location is hybrid remote in VA, MD, DC only. Need local.
Duration: 6 Months+
Visa: USC only
Note: Need LinkedIn

Job Description

Must be able to obtain a Position of Public Trust Clearance.
All candidates must be a US Citizen only.
Candidate must have lived in the United States for the past 5 years consecutively. Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded.

Required for consideration:
Resumes must be no longer than 4 pages to be considered
Cities/States must be listed for each role
Graduation years are required
Gaps in employment must be explained

Peraton US Capitol Police (USCP) Account Position Description
Information System Security Officer (ISSO)/Analyst

Primary Skillset: Experienced at providing Assessment and Authorization Services (A&A) across the IT enterprise of an organization.

Responsibilities:

Coordinate with USCP system owners to prepare, update, and maintain necessary system security documentation for assessment and accreditation activities.
  o IE: System Security Plan, supporting artifacts to the ATO package (vulnerability scans, risk assessment reports), System Architecture diagrams, ports/protocols/services definitions, Supply Chain Risk management.
  o Configuration compliance and/or DISA STIG compliance (Federal customers do reference the STIG requirements). Not an immediate need; however, goal for the future is to utilize DISA STIG requirements.
  o Be prepared to present and defend findings to the authorizing official for all systems (OIS CIO of the USCP).
  o Work with systems (currently QMULOS) as well as manual spreadsheets and documents to demonstrate control compliance and management of the POAMS (Plans of Actions and Milestones) to maintain the ATO/i-ATO and any Permanent Policy Control/Exception.

Provide the rights for any operation compliant with NIST800-53 V4 (immediate) and V5 (future) security controls for assessing and authorizing controls to operate. Provide consulting services for assisting in the planning and migration to V5.

Operate within the USCP A&A environment, responsible for security control mapping, documentation, reporting, and alerting on non-compliance. This action supports the OIS and IT mission statement security plan and the A&A goal. This action currently utilizes the QMULOS to perform continuous monitoring of controls, with the expectation to perform soon in a Continuous ATO, autonomous environment.

Conduct independent security assessments of security controls for USCP systems through interviews, document reviews, and testing of the system to ensure that appropriate controls are in place and operating as designed and intended. Assessments must be performed by qualified personnel, include thorough analysis, and be accomplished in accordance with the USCP Risk Management Framework, current NIST regulations, and other required and federal standards and regulations. To accomplish the above, the ISSO is required to coordinate with vendors, agencies to create technical presentations and write the risk assessment(s) and place artifacts in the system.

Stay abreast of USCP system change management activities and perform security testing and thorough analysis to ensure that none of the changes/modifications/updates introduce security risk into the environment.

Ensure a positive and productive working relationship with USCP key stakeholders and/or external agencies as applicable.
Know and keep current with all applicable NIST, Office of Management and Budget (OMB), Committee on National Security Systems (CNSS), and other Federal Information Technology Security mandates, how these mandates tie into USCP security operations, and the impact of the security requirements on USCP systems and mission.

Provide input either immediately or in the near future based on experience with the following:
  o DISA STIGS (Security Technical Implementation Guide): future
  o National Vulnerability Database (NVD): nice to have, not immediately required
  o Information Assurance Vulnerability Alerts (IAVA) to mitigate risk: nice to know but not immediately required

Required Skills/Experience:

8+ years of experience working within the field of Information Systems Security
3+ years of experience with documenting and mapping security controls as an ISSO
3+ years of experience in working with NIST RMF for A&A
Expert knowledge of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and A&A processes.
Experienced at supporting and leading when required Assessment and Accreditation activities across the IT enterprise
Working knowledge of NIST800-53 V4 and V5 security controls for assessing and authorizing controls to operate.
Proven experience utilizing A&A tools for containment and updates of security controls, documentation, reporting, and alerting on non-compliance
Evidence of conducting multiple independent security assessments of security controls in accordance with a client's Risk Management Framework, current NIST regulations, and other required and federal standards and regulations for client systems through interviews, document reviews, and testing of the system to ensure that appropriate controls are in place and operating as designed and intended.
Working knowledge of all applicable NIST, Office of Management and Budget (OMB), Committee on National Security Systems (CNSS), and other Federal Information Technology Security mandates.
Direct and proven leadership experience at directing vendors and system owners for obtaining the information needed to complete the following documentation in pursuit of a full ATO of systems (proven experience to conduct ATOs of multiple systems at the same time): Documents to include at minimum creating or updating and presenting the following: FIPS 199, Privacy Impact Assessment (PIA), Privacy Threshold Analysis (PTA), Business Impact Analysis (BIA), Controls Assessment.
Ability to independently coordinate and write responses to multiple controls (ie: AC-02) and the implementation statements and/or artifacts required for those controls.
Proven capability in guiding system owners and assisting in documenting a Risk Based Decision (RBD) by performing a risk assessment when a security control requirement cannot be met.

Desired Skills (Experience in any of the following is strongly desired):

Ability to recommend and implement when required a strategy and repeatable process for continuous monitoring and on-going authorizations consistent with NIST guidance.

Work Location: Must be able to travel to the US Capitol Police, Office of Information Systems offices (499 South Capitol Street SW, Washington DC) as requested by the customer in order to fulfill the requirements of the position. Two (2) trips are required to start on the contract: 1X for Fingerprints to obtain the USCP clearance; 1X on first day to pick up USCP assets.

Clearance: U.S. Citizenship. Must be able to obtain and maintain a USCP Agency clearance (pass fingerprint/criminal background check).

Education: BA/BS or equivalent experience (8+ years of prior relevant experience) or Masters or 11+ years prior relevant experience

Active Certifications w/year acquired: Security+ or CISSP Certification

--
Akash Kumar
Technical Recruiter, Sonitalent Corp
Direct: 8596593266
https://www.linkedin.com/in/akash-kumar-151a8025a/
[email protected]
5404 Merribrook Lane, Prospect, KY, USA.
Keywords: business analyst information technology Kentucky Maryland Virginia
Thu Sep 07 23:12:00 UTC 2023