The Information System Security Officer (ISSO) shall represent Actionet and support the National Security Business Unit Deputy Director, Program Manager, SOC Manager and designated authority under the DHS SOC Service Support Contract. The Information System Security Officer (ISSO) serves as the principal advisor to the designated Information System Owner, Business Process Owner, and the Chief Information Security Officer (CISO) / Information System Security Manager (ISSM) on all matters, technical and otherwise, involving the security of an information system. ISSOs are responsible for ensuring the implementation and maintenance of security controls in accordance with the System Security Plan (SSP), Department of Homeland Security (DHS) policies, and NIST 800-53A guidelines.
The ISSO will be responsible for proactively managing security authorization schedules, performing risk management, supporting external and internal security audits, and ensuring that user and account security policies are adhered to per DHS USCIS policy requirements. ISSOs are responsible for conducting structured security certification and accreditation activities utilizing the Risk Management System (RMS) and the Trusted Agent FISMA (TAF) system. As a member of a Security Team, the candidate will lead the review of technical, management and operational Security Controls in accordance with the National Institute of Standards and Technology (DHS) 4300a to ensure the completeness and effectiveness of the IT system’s information technology and security solutions. The ISSO will be responsible for ensuring that Certification and Accreditation (C&A) documents, Plan of Action and Milestones (POA&M) and artifacts are maintained and updated in accordance with DHS USCIS policy. The ISSO will proactively approach and coordinate with all applicable system stakeholders to ensure secure system lifecycle management support. The ISSO must possess excellent communication and writing skills and be proficient in the MS Office suite.
Four (4) to seven (7) years of IA experience are required, two (2) of which must be FISMA-related.
• Knowledge of DHS Information Security Policy Directives and Handbooks
• Extensive knowledge of a variety of the IA field’s concepts, practices, and procedures to ensure the secure integration and operation of all systems
• 4-7 years’ experience directly performing Certifications and Accreditations on Federal or DoD Information systems
• Experience creating Certification and Accreditation (C&A) documentation and artifacts
• Specialized knowledge of Federal/DoD information systems audit standards, classified system IA requirements, Privacy Act requirements, or Critical Infrastructure Protection
• Knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with risk management policy and procedures
• Experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines
• A deep and thorough understanding of operating systems and networks (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN])
• Experience in performing vulnerability scanning, assessment, and analysis utilizing security system tools
• Experience and knowledge with IT Security System Tools such as: Symantec BindView, Cisco ACS, WIN MAGIC, Netwitness, Xceedium Gatekeeper, FidelisXPS, ArcSight, Paraben, FTKEnterprise, AppDetective, McAfee EPO, Nessus, Encasev7
• A deep and thorough understanding of information security and assurance principles (e.g., defense-in-depth) and associated supporting technologies
• Ability to perform risk assessments and security audit services
• Experience with application security, database security, and network security tools and IA controls
• Ability to assess and weigh current and evolving security threats in an operational environment
• Experience in supporting, monitoring, testing, and troubleshooting hardware and software IA problems
• Experience with Security Information and Event Management (SIEM) systems
In addition to the experience requirements stated above, the candidate must possess current 85701.01M industry-compliant certifications:
• Industry certifications in security or information assurance such as CISA, CISSP, CEH
• Must be a US Citizen
• Must possess active Secret clearance or higher and have the ability to obtain TS/SCI
• Willing to work overtime, holidays, and weekends as necessary
• Willing to work shift rotations if required
• Must be able to lift 50 lbs