AnaVation is looking for a talented Information Systems Security Officer who is passionate about technology and working with cutting-edge software and hardware to support our mission-critical customer in Washington, DC. The ideal candidate appreciates partnering with our customer and a group of engineers to create innovative engineering solutions. Qualified candidates must have an active Top Secret clearance.
The ISSO is responsible to the System Owner (SO) and Information Systems Security Manager (ISSM) or the Chief Security Officer (CSO) for ensuring that an appropriate operational security posture is maintained for each assigned Information System (IS) or Information Assurance (IA) program (field office). The ISSO is responsible for the day-to-day implementation, oversight, and maintenance of the security configuration, practices, and procedures for each IS under the ISSO's purview in accordance with customer and Federal policies and guidelines.
ISSO duties and responsibilities fall into five main areas: security operations and management (including access control and other policy implementation), IS security planning/documentation, security monitoring and evaluation (including audit, assessment and risk management), security awareness and training, and security incident reporting and response management.
The ISSO is responsible for ensuring the maintenance of the authorized security posture for assigned ISs on a day-to-day basis. This encompasses those activities that ensure the IS, including its administration, processes, and users, are operating in the approved secure manner and as documented in the System Security Plan (SSP). Where IS processes or administration are not his or her direct responsibility, the ISSO must provide oversight and guidance, when required, and coordinate with other members of the security team to ensure compliance with security policies and required procedures.
The ISSO writes and maintains the SSP, which describes in detail how security will be implemented and managed on the IS throughout its lifecycle, as well as the Security Assessment and Authorization (SAA) documentation, and prepares or coordinates the preparation of all other required system security documentation. All data, including the SSP, is entered into the customer's Governance, Risk, and Compliance (GRC) application, RiskVision. RiskVision is the system used to manage, under continuous monitoring, all accredited FBI ISs.
The ISSO conducts continuous security monitoring of assigned ISs to create and support an environment where protection strategies are integrated effectively throughout the IS's lifecycle and incorporated into its everyday business processes. This requires regular and periodic review of the effectiveness of implemented security controls and processes. The ISSO assists in the conduct of SAA activities, from the kickoff meeting to the development and management of Plan of Actions and Milestones (POA&M). This includes the conduct of and support for security assessments and security risk assessment activities and assisting in the development of correction or mitigation strategies. The ISSO also conducts periodic self-assessments of assigned ISs, at least annually, and complies with all other Federal Information Security Modernization Act (FISMA) requirements for documentation and reporting, as assigned.
ISSOs are resources in the divisions and field offices to support personnel in reporting security incidents, either through training or assisting customer personnel in making the report. ISSOs may also submit the required reports when they gain knowledge of security incidents. ISSOs coordinate with IS or security personnel in IS recovery and in the correction or mitigation of security incidents, either at the direction of or in coordination with the ISSM or CSO.
The ideal candidate is an Information Assurance security professional who possesses at least 5 years of IA Security consulting experience. The desirable candidate must have experience with large Local Area Networks, Wide Area Networks, vulnerability management, as well as Security Technical Implementation Guides (STIG) compliance and must be familiar with Incident Response, Security Analysis, and Nessus.
Additionally, the ISSO must have good knowledge of the Public Key Infrastructure (PKI) system. The ISSO may be required to review the PKI system and apply a compliance assessment of the system to ensure its readiness to complete the transition.
Required certification: The ISSO candidate is required to be certified with one of the following during the period of performance of the Task Order: Certified Information Systems Security Professional (CISSP), ISC2 Certified Authorization Professional (CAP), GIAC Security Leadership Certification (GSLC), ISACA Certified Information Security Manager (CISM), ISACA Certified Information Systems Auditor (CISA).
AnaVation is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law.
If you need a reasonable accommodation for any part of the employment process, please contact us by email at email@example.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.