Information Systems Security Officer
Colorado Springs, CO 80916
Location: Washington, DC
The Information System Security Officer (ISSO) serves as the principal advisor to the Information System Owner (SO), Business Process Owner, and the Chief Information Security Officer (CISO) / Information System Security Manager (ISSM) on all matters, technical and otherwise, involving the security of an information system. The ISSO is responsible for ensuring the implementation and maintenance of security controls in accordance with the Security Plan (SP) and Department of Homeland Security (Client) policies.
- Collaborates with users, vendors, technicians, and managers to understand and assess computing and system needs and requirements.
- Communicates the goals, policies, and procedures of the company to the CIS team; develops plans to implement these needs.
- Evaluates current technology use and needs of the company and recommends software and hardware improvements.
- Oversees backup, security, and user help systems.
- Remains current on advances in technology.
- Provides technical support to users.
- Prepares and delivers operational or project progress reports.
- Implements and oversees operational budget and expenditures.
- Performs other related duties as assigned.
- Facilitates and manages the development, modification, and operation of security protocols, including intrusion detection and prevention systems, to protect the organization's information from breach or loss.
- Conducts periodic audits and due diligence checks of security protocols, evaluating systems for vulnerabilities.
- Recommends modifications to security protocols as required.
- Develops and/or provides training and guidance on acceptable use, risk management, incident response, and security protocols to employees.
- Periodically briefs senior management on status of security system and protocols.
- Reviews reports of, and evaluates response to, any security incidents.
- Ensures that monitoring operations comply with all applicable government regulations and standards.
- Maintains current knowledge of emerging security threats, technical challenges, and developments in system protection and IT security standards.
- Performs other related duties as assigned.
None required for this position
This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
- Must be able to remain in a stationary position 75% of the time.
- Occasionally moves about inside the office to access file cabinets, office machinery, etc.
- Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine, and computer printer.
- Expresses or exchanges ideas by means of the spoken word, including activities in which they must convey detailed or important spoken instructions to other workers accurately, loudly, or quickly.
- Frequently moves standard office equipment up to 25 pounds.
- Must be able to work in indoor conditions 90% of the time.
While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand; walk; use hands to finger, handle or feel; and reach with hands and arms.
Position Type/Expected Hours of Work
This is a full-time position. Typical days and hours of work are Monday through Friday, 8:00 a.m. to 5:00 p.m. Evening and weekend hours are required as business need dictates.
Travel is primarily local during the business day, although some out-of-area and overnight travel may be expected.
- Experience working as an ISSO supporting federal government information systems (e.g. Client IACS Xacta), IT security certifications (e.g. CISSP, ISSEP, CEH, etc.), experience with ISO, NIST and US Government standards and cybersecurity frameworks (e.g. FISMA, FIPS, HSPD), system administration, cloud and engineering experience (e.g. UNIX, AWS, JAVA, Hadoop, etc.), and ITSM (ITIL-aligned) IT security management, engineering, and analysis experience.
- Active vendor certifications and/or work exposure in the following technical areas are a plus:
  - AWS Certified Solutions Architecture
  - Cisco Certified Network Professional (CCNP)
  - Hadoop
  - Java
  - Microsoft's Certified Systems Engineer (MCSE) with focus on security
  - Oracle DB or SQL Server DB
  - Red Hat Certified System Engineer (RHCS Engineer)
  - Web 2.0 technology
- ISSO candidates must have at least one of the following security certifications, in active status:
  - CISSP: Certified Information Systems Security Professional
  - ISSEP: Information Systems Security Engineer Professional
  - ISSAP: Information Systems Security Architect Professional
  - CEH: Certified Ethical Hacker
  - CNDA: Certified Network Defense Architect
  - GIAC: Global Information Assurance Certification
  - CRISC: Certified in Risk and Information Security Control
- Strongly prefer a Bachelor's degree and at least 7-12 years of progressive technical (hands-on) experience related to Information Assurance C&A.
Must possess CBP BI
All Native Group is an equal opportunity employer. All applicants are considered without regard to age, sex, race, national origin, religion, marital status or physical disability. However, preference may be extended to persons of Indian descent in accordance with applicable laws.
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.