Apply on Employer Site

Navitas Business Consulting, Inc. · 1 month ago

25-1079: Information Security Systems Officer (ISSO)

United States

Full-time

Remote

Senior Level

5+ years exp

Navitas Business Consulting, Inc. is an industry leader in digital transformation, providing technology solutions to various markets. The Information Security Systems Officer (ISSO) will support DOJ’s external customers by ensuring the operational security posture of information systems and advising on cybersecurity policies, compliance, and risk management.

Computer Software

Culture & Values

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Work with the System Owner and Director of IT Security to categorize systems, assess security controls, and document results

Assist in the annual re-assessment of Common Controls, ensuring compliance with DOJ policies

Ensure systems are accredited following the customer process to obtain Authority to Test (ATT), Authority to Operate (ATO), or Ongoing Authorization (OA)

Develop and maintain security documentation, including System Security Plans (SSP), Security Assessment Plans/Reports (SAP/SAR), POA&Ms, and security authorization memorandums in CSAM

Conduct security control assessments, both manual and automated, and provide findings on control gaps, risk levels, and impacts

Establish and maintain audit trails, ensuring regular log reviews and compliance with DOJ/OIG policies

Monitor and execute operations and maintenance of information systems, including secure system disposal

Support the development of Privacy Impact Assessments (PIA), Interconnection Security Agreements, Risk Assessments, Configuration Management Plans, and Incident Response Plans

Conduct vulnerability scans, review security reports, and implement remediation strategies

Assist in continuous monitoring activities, aligning with DOJ’s Ongoing Authorization (OA) process and using DOJ’s GRC tools

Ensure all security assessment and audit reports are properly uploaded in CSAM

Participate in configuration management processes, policy audits, and system log reviews

Provide technical guidance and compliance oversight in alignment with FISMA, RMF, and NIST frameworks

Qualification

Risk Management Framework (RMF)Security+ certificationInformation Security PoliciesFISMA complianceNIST SP 800-53 controlsSecurity AuditingVulnerability managementTechnical guidanceIncident ResponsePolicy writingSoftware Development Lifecycle (SDLC)CSAM experienceGRC toolsAutomated security scanningProblem-solving skillsTime managementConflict resolutionTeamwork skills

Required

Minimum 5 years of experience as an ISSO

Bachelor's degree in Information Technology, Computer Science, Engineering, or a related field from a U.S. Department of Education-accredited university (or equivalent experience)

Security+ or equivalent/higher-level certification (current)

Strong understanding of Information Security Policies and Procedures

Expertise in Risk Management Framework (RMF), Security Controls, Incident Response, Security Auditing, and Regulatory Compliance

Familiarity with FISMA, NIST SP 800-53 controls, and DOJ security policies

Proficiency in security tools, risk assessments, and vulnerability management

Preferred

Knowledge of Security Incident Analysis and Forensics

Experience with Software Development Lifecycle (SDLC) security practices

Strong policy and memo writing skills

Effective problem-solving, time management, conflict resolution, and teamwork skills

Hands-on experience with CSAM, GRC tools, and automated security scanning tools

Ability to lead security compliance efforts across multiple systems

Company

Navitas Business Consulting, Inc.

Incorporated in 2006, Navitas Business Consulting Inc, is a Woman-Owned, Small Business (WOSB) with areas of expertise in Cloud Migration, Data & Insights, Artificial Intelligence, Threat Intelligence, Cybersecurity, Agile PMO & Advisory and Healthcare.

Founded in 2006

Herndon, Virginia, USA

51-200 employees