Information Systems Security Officer – ISSO
Company | AnaVation LLC |
---|---|
Location | Reston, VA, USA |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s, Master’s |
Experience Level | Senior, Expert or higher |
Requirements
- Active TS/SCI Clearance with CI poly
- Bachelor’s degree in relevant field and 8+ years of experience related to specific functional area (May substitute Master’s degree in lieu of 2 years of experience)
- CompTIA Security+ or equivalent IAT Level II
- Currently hold or be able to obtain CSSP certification (such as Cloud+ or equivalent)
- Experience with and knowledge of ensuring the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS in support of compliant ATO status
- Provide liaison support between the system owner and other IS security personnel
- Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle
- Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis
- Conduct required IS vulnerability scans according to risk assessment parameters
- Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
- Manage the risks to ISs and other assets by coordinating appropriate correction or mitigation actions, and oversee and track the timely completion of POAMs
- Coordinate system owner concurrence for correction or mitigation actions
- Review, update and monitor security controls for ISs to maintain systems Authorized To Operate (ATO)
- Provide clear and concise decisions supporting IA Control Implementation applicability, inheritance, and requirements
- Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation.
Responsibilities
- Manage all aspects of an organization’s information security system
- Conduct risk analyses from vulnerability, compliance scans, pen testing results, or other audit activity
- Write Plan of Action and Milestones, System Security Plans, Security Control Traceability Matrices, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses.
Preferred Qualifications
- Security certifications: Security+, CCNA Security, CISSP, CySA+, SSCP, CCSP, or equivalent certification
- CSSP certifications: CEH, CFR, CySA+, Cloud+, CCNA Security, GICSP
- AWS, Cloud certifications