Lead Information System Security Officer (ISSO)
Washington, DC | Contract to Hire
Seeking an Information System Security Officer (ISSO) to support the RMF cycle with a focus on FISMA and NIST
- Bachelor’s degree and 8+ years of experience or 15+ years without a degree
- Candidates MUST have functional expertise in designing and leading policy, process and procedures surrounding NIST and RMF.
- Candidates must have some experience with tools such as Nessus for vulnerability scanning.
- (Preferred) Certification relating to IT security (CISSP, GIAC, CEH, etc.).
- At least 3 years at a Federal Agency (preferably Executive Branch) working with FISMA as a Risk Management Framework (RMF) SME
- 8 years of progressive Information Technology (IT) experience including at least five (5) years’ experience in IT security, including C&A and/or IT security risk analysis, preferably in support of the Federal Government
- Extensive experience with Federal Government C&A practices and policies, particularly FISMA, NIST SP 800-53.
- Create and implement Plan of Action & Milestones (POA&M) to address security vulnerabilities.
- Develop the required artifacts as part of updating the general LAN and minor applications' System Security Plan (SSP)
- Plan, implement and upgrade security measures and controls
- Ability to categorize selected systems, determine security controls, oversee the implementation of selected controls, assess the implemented controls, and oversee continuous monitoring of the controls.
- Experience with system categorization, security boundary definition, and selecting security controls.
- Ability to perform risk assessments and produce network boundary diagrams