Principal Information System Security Officer

About the position

Steampunk is seeking a Principal Information System Security Officer to support a government customer by ensuring that security levels are maintained at an acceptable risk. The role requires strong initiative, organization, and customer service skills, along with the ability to adapt to a fast-paced environment. Effective communication and problem-solving skills are essential, particularly regarding sensitive information.

Responsibilities

• Proactively create, monitor, and update the status of POA&Ms to ensure weaknesses are resolved according to scheduled completion dates.
• Create Waivers or Risk Acceptance Memos for effective management of system risks.
• Conduct annual assessments in accordance with the DHS Information Security Performance Plan.
• Review and update security authorization documents at least annually.
• Conduct Contingency Plan tests annually and update the plan as necessary.
• Perform system self-assessments as part of the customer's Ongoing Authorization program.
• Monitor and respond to Information Security Vulnerability Management (ISVM)/Patch Management.
• Provide audit support for assigned systems throughout the audit process (Pre, During, and Post Audit).
• Maintain knowledge of inventory in the accreditation boundary.
• Use CBP and DHS mandated enterprise IA Compliance Tools.
• Devise a plan to certify and accredit assigned Information systems.
• Respond to emerging requirements or policies set by legislation, regulation, or policy.
• Participate in DevOps Sec requirements for assigned systems.
• Support the review and update of security authorization documents as needed.
• Coordinate with Privacy, Records, and Information Governance Divisions related to compliance documentation and other requirements.
• Ensure security requirements are included in the development cycle (Waterfall, Agile, SecDevOPs).
• Ensure CM processes are followed to prevent introducing new security risks.
• Support the management of Information Security Vulnerability Management (ISVM) Compliance.

Requirements

• Bachelor's Degree and 8 years of cybersecurity experience, which must be FISMA-related, OR No degree and 12 years of cybersecurity experience, 10 of which must be FISMA-related, OR Master's Degree in an IT field and 6 years of cybersecurity experience, which must be FISMA-related.
• One of the following certifications: CISSP, CASP, CISA, CISM, SSCP, GISP, GSLC.
• Extensive knowledge of IA field concepts, practices, and procedures for secure integration and operation of systems.
• Specialized knowledge of financial audit standards, classified system IA requirements, and Privacy Act requirements.
• Experience with NIST SP 800 publications, particularly those associated with the Risk Management Framework.
• Knowledge of evaluating system, network, or infrastructure security controls against FISMA, FIPS, and NIST guidelines.
• Experience with vulnerability scanning execution, assessment, and analysis.
• Knowledge of operating systems and network security (LAN and WAN).
• Experience with application security, database security, and network security.
• Understanding of information security and assurance principles (e.g., Defense-in-depth).
• Ability to assess and weigh current and evolving security threats.

Nice-to-haves

• Current experience providing ISSO support at CBP or DHS.
• Experience supporting systems hosted in Cloud environments.
• Experience supporting systems in Agile and DevOps environments.

Benefits

• Competitive salary range of $120,000 to $145,000.
• Employee ownership and investment in employee growth.
• Comprehensive benefits package including health insurance, retirement plans, and professional development opportunities.