Steampunk - McLean, VA

posted 18 days ago

Full-time - Principal
McLean, VA
Food Services and Drinking Places

About the position

Steampunk is seeking a Principal Information System Security Officer to support a government customer by ensuring that security levels are maintained at an acceptable risk. The role requires strong initiative, organization, and customer service skills, along with the ability to adapt to a fast-paced environment. Effective communication and problem-solving skills are essential, particularly regarding sensitive information.

Responsibilities

  • Proactively create, monitor, and update the status of POA&Ms to ensure weaknesses are resolved according to scheduled completion dates.
  • Create Waivers or Risk Acceptance Memos for effective management of system risks.
  • Conduct annual assessments in accordance with the DHS Information Security Performance Plan.
  • Review and update security authorization documents at least annually.
  • Conduct Contingency Plan tests annually and update the plan as necessary.
  • Perform system self-assessments as part of the customer's Ongoing Authorization program.
  • Monitor and respond to Information Security Vulnerability Management (ISVM)/Patch Management.
  • Provide audit support for assigned systems throughout the audit process (Pre, During, and Post Audit).
  • Maintain knowledge of inventory in the accreditation boundary.
  • Use CBP and DHS mandated enterprise IA Compliance Tools.
  • Devise a plan to certify and accredit assigned Information systems.
  • Respond to emerging requirements or policies set by legislation, regulation, or policy.
  • Participate in DevOps Sec requirements for assigned systems.
  • Support the review and update of security authorization documents as needed.
  • Coordinate with Privacy, Records, and Information Governance Divisions related to compliance documentation and other requirements.
  • Ensure security requirements are included in the development cycle (Waterfall, Agile, SecDevOps).
  • Ensure CM processes are followed to prevent introducing new security risks.
  • Support the management of Information Security Vulnerability Management (ISVM) Compliance.

Requirements

  • Bachelor's Degree and 8 years of cybersecurity experience, which must be FISMA-related, OR No degree and 12 years of cybersecurity experience, 10 of which must be FISMA-related, OR Master's Degree in an IT field and 6 years of cybersecurity experience, which must be FISMA-related.
  • One of the following certifications: CISSP, CASP, CISA, CISM, SSCP, GISP, GSLC.
  • Extensive knowledge of IA field concepts, practices, and procedures for secure integration and operation of systems.
  • Specialized knowledge of financial audit standards, classified system IA requirements, and Privacy Act requirements.
  • Experience with NIST SP 800 publications, particularly those associated with the Risk Management Framework.
  • Knowledge of evaluating system, network, or infrastructure security controls against FISMA, FIPS, and NIST guidelines.
  • Experience with vulnerability scanning execution, assessment, and analysis.
  • Knowledge of operating systems and network security (LAN and WAN).
  • Experience with application security, database security, and network security.
  • Understanding of information security and assurance principles (e.g., Defense-in-depth).
  • Ability to assess and weigh current and evolving security threats.

Nice-to-haves

  • Current experience providing ISSO support at CBP or DHS.
  • Experience supporting systems hosted in Cloud environments.
  • Experience supporting systems in Agile and DevOps environments.

Benefits

  • Competitive salary range of $120,000 to $145,000.
  • Employee ownership and investment in employee growth.
  • Comprehensive benefits package including health insurance, retirement plans, and professional development opportunities.