Peraton - Washington, DC

posted 4 months ago

Full-time
Washington, DC
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

The Information Assurance and Security Advisor (ISSO) will serve as the primary security point of contact for the program, working closely with federal stakeholders to develop and implement a strategy for advancing security operational compliance activities. This role is integral to the Zero Trust security framework aligned with the program's vision. The ISSO will manage and coordinate security delivery for ongoing base operations and any investment initiatives that require security subject matter expertise (SME). In this position, the ISSO will collaborate with the Program Manager and other stakeholders to plan and prioritize operational compliance activities, including Authorization to Operate (ATO) recertifications and Assessment and Authorization (A&A) deliverables. The ISSO will ensure that necessary security controls are in place and functioning as intended to protect the confidentiality, integrity, and availability of information from both internal and external risks. The role involves designing, developing, and recommending integrated security system solutions to safeguard proprietary and confidential data and systems. The ISSO will also provide technical engineering services to support integrated security systems and solutions, interfacing with clients during the strategic design process to translate security and business requirements into technical designs. Responsibilities include configuring and validating secure complex systems, testing security products and systems to identify vulnerabilities, and overseeing the day-to-day security operations of the contractor's information systems and IT resources. This includes managing infrastructure, facility, training, service delivery, quality assurance, workforce management systems, problem escalation and resolution, and performance monitoring systems in accordance with GSA IT Security policies.

Responsibilities

  • Serve as the primary security point of contact for the program.
  • Develop and implement a strategy for advancing security operational compliance activities as part of a Zero Trust security framework.
  • Manage and coordinate security delivery for ongoing base operations and investment initiatives requiring security SME.
  • Plan and prioritize operational compliance activities such as ATO recertifications and A&A deliverables.
  • Ensure necessary security controls are in place and operating effectively to protect confidentiality, integrity, and availability.
  • Design, develop, and recommend integrated security system solutions to protect proprietary and confidential data.
  • Provide technical engineering services for integrated security systems and solutions.
  • Interface with clients to translate security and business requirements into technical designs.
  • Configure and validate secure complex systems and test security products to detect weaknesses.
  • Oversee day-to-day security operations of contractor information systems and IT resources.

Requirements

  • Minimum of 8 years of experience with a BS/BA or 12 years with a HS Diploma.
  • 8+ years of experience in assessment and authorization processes, securing ATO for System Security Plans.
  • Demonstrated proficiency in cloud auditing and formulating SSP packages from the ground up.
  • Proficient in NIST standards and FISMA requirements for Moderate level systems, including compliance and reporting.
  • Experience in managing security certification and accreditation activities utilizing NIST Special Publication 800-53 Revision 5 framework.
  • Extensive experience with the NIST Risk Management Framework (RMF) and knowledge of NIST Special Publication 800-30 for risk assessment.
  • Skilled in developing System Security Plans aligned with SASE and Zero Trust Architecture, incorporating FedRAMP-approved solutions.
  • Experience with cloud-based SIEM and monitoring solutions within platforms such as Azure, AWS, or GCP.
  • Experience in designing secure cloud environments within multi-cloud infrastructures using FedRAMP authorized solutions.
  • Experience in overseeing compliance risks for on-premises and cloud environments according to FIPS cryptographic standards.
  • Experience in continuous security monitoring within regulated environments, leveraging KPIs to assess security activities.
  • Skilled in reporting and coordinating metrics with stakeholders across government departments and agencies.
  • Understanding and experience in delivering architecture based on the 'Secure by Design' principle.
  • Ability to translate technical security concepts for senior government leaders and back-translate strategic objectives into technical directives.
  • Proficient in Agile Development Methodology, with experience in conducting daily stand-ups with stakeholders.
  • Capability to assemble a System Security Plan that integrates multiple FedRAMP cloud packages with on-premises infrastructure.