Truezerotech13mo ago

Information Systems Security Officer (ISSO Lead) (R-00047)

Washington DcRemoteFull-Timelead

SecurityOtherInformation Systems Security Officer

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

True Zero Technologies, a veteran-owned small business,

Technical Tools

SecurityOtherInformation Systems Security Officer

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that said outcomes begin and end with our people, and that is what we have built, a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top tier services to our customers. In 2023, True Zero was recognized as a “Best Places to Work” in two categories ("Prosperous and Thriving" ($5MM – $50MM in gross revenue) and "Mid-Atlantic Region" (DC, DE, MD, NC, VA, WV)) and in 2022, was recognized as one of Inc. Magazine’s Top 5000 Fastest Growing Companies.

Requirements

~3 min read

Maintaining the overarching operational security posture and managing the day-to-day security operations of your assigned Information System (IS);

Developing, reviewing, and maintaining security and authorization documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs);

Performing vulnerability/risk assessment analyses to support assessment and authorization (A&A);

Ensuring the implementation and maintenance of security controls in accordance with the SSP and the organization's security policies, standards, and procedures;

Supporting security authorization activities in compliance with National Institute of Standards and Technology Risk Management Framework (NIST RMF).

Providing configuration management (CM) for IS security software, hardware, and firmware, and leading Change Control Board (CCB) meetings; and,

Providing guidance and security expertise to program leadership.

Lead ISSO support activities across assigned systems, projects, or operational areas

Support RMF implementation and authorization and accreditation activities for federal systems

Support FISMA reporting, data calls, and related compliance deliverables

Help maintain system security posture in alignment with federal cybersecurity requirements

Review, analyze, and support updates to IT, cybersecurity, and privacy policies and procedures

Coordinate with technical teams, system owners, and government personnel on security matters

Support risk management, security documentation, and control validation activities

Assist with security control assessments, issue tracking, and remediation coordination

Support audit response activities and compliance-related reviews

Use MITRE ATT&CK to help communicate monitoring and control gaps, support risk discussions, and inform remediation recommendations

Provide leadership for ISSO processes, practices, and quality of work products

Prepare reports, recommendations, and briefings for leadership and stakeholders

Ensure timeliness, accuracy, and completeness of ISSO-related deliverables

Experience with and knowledge of Federal DevSecOps frameworks and processes

Clearance Required-Secret Clearance (Interim)

Experience with IS accreditors, policies, and procedures to support Authoriy to Operate (ATO)/Authority to Connect (ATC) decision making and operational practices.

Experience with RMF, NIST SP 800-53, Security Technical Implementation Guides (STIGs), and/or Security Content Automation Protocol (SCAP) Compliance Checker

Knowledge of and experience leading the A&A process

Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption).

Experience in preparing detailed SSPs to achieve ATO objectives.

Knowledge of new and emerging IT and cybersecurity technologies.

Additional Qualifications Include:

-7–10 years of experience in cybersecurity assurance

-Strong experience supporting RMF, authorization and accreditation, system security oversight, and compliance activities

-Experience supporting FISMA reporting, security documentation, and control validation efforts

-Experience working with cybersecurity policies, procedures, and governance requirements in federal environments

-Familiarity with MITRE ATT&CK and the ability to use it to communicate monitoring or control gaps and support remediation discussions

-Ability to coordinate across technical and non-technical stakeholders in support of secure system operations

-Strong analytical, organizational, and communication skills