RESPONSIBILITIES: Kforce is immediately adding a full-time Information System Security Officer to our team in support of our enterprise technology solutions client in Herndon, VA. Our client is an end-to-end services company providing information technology and consulting services to businesses and governments.
The Information System Security Officer (ISSO) is part of the Office of Chief Information Security Office (OCISO) and plays a cybersecurity operational compliance role within the US Public Sector. The position is responsible for assisting other ISSOs with Governance, Risk and Compliance (GRC) functions that entail security control implementation, continuous monitoring, and federal Assessment and Authorization (A&A) activities within the US Public Sector.
The following are the primary responsibilities:
- Works closely with Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented
- Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing
- Reviews and continuously monitors implemented security controls
- Creates and maintains security checklists, templates and other tools to aid in the A&A process
- Performs security control assessments using NIST 800-53A guidance and as per continuous monitoring requirements
- Performs risk analyses to determine and recommend essential safeguards
- Proactively mitigates system vulnerabilities and recommends compensating controls
- Prepares security authorization packages in accordance with the client contractual requirements
- Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
- Maintains client-specific Plan of Action and Milestones and supports remediation activities
REQUIREMENTS:
- 5-7 years' experience working in a risk management, audit, security or technical delivery role
- Bachelor's or master's degree in Computer Science, Computer Studies, Information Security (or equivalent combination of education and experience)
- Experience in Information Security Risk and Compliance and familiarity using IA tools, such as CSAM
- Experience in working with security management including information governance and compliance
- Experience of security processes and standards, in particular NIST 800-series and Risk Management Framework
- Knowledge of security audit and accreditation processes
- Knowledge of the security countermeasures and overall RMF and NIST compliance regulations
- Good understanding of Assurance Practices and Risk Management, with hands-on experience
- Ability to adapt to new security environments/culture
- Ability to interpret government requests for proposal and respond to security- and compliance-related requirements
- Ability to work effectively in diverse, multi-national and virtual environments
- Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information
- Applicants must be fully authorized to work in the U.S. without sponsorship
The following experience is preferred:
- Experience of working with Federal Information Processing Standards (FIPS), FISMA, FedRAMP and other cybersecurity-related laws, regulations and directives
- Experience of presenting at client meetings
- Experience of translating contractual security requirements to deliverables
- Knowledge of Federal Government Security, industry and market trends
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.