Senior Information Security and Privacy Officer jobs in United States

Tyto Athene, LLC · 2 weeks ago

Senior Information Security and Privacy Officer

Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation. They are seeking a Senior Information Security and Privacy Officer to support a law enforcement customer by ensuring information systems meet security requirements and leading ongoing privacy-related activities.

Information Technology
Work & Life Balance
No H1B sponsorship; U.S. Citizens only

Responsibilities

Lead and support information system security responsibilities utilizing the Risk Management Framework (RMF) lifecycle, including system Authorization to Operate (ATO) and continuous monitoring, while ensuring privacy and legal requirements are fully integrated
Develop, update, and maintain security authorization packages in accordance with client requirements and NIST SP 800-53, including System Security Plans (SSPs), Risk Assessment Reports (RARs), Security Assessment Plans and Reports (SAP/SAR), Contingency Plans, Incident Response Plans, Standard Operating Procedures (SOPs), Plans of Action and Milestones (POA&Ms), Remediation Plans, Configuration Management Plans, Security Impact Assessments, and related artifacts
Maintain, manage and support POA&M and remediation activities, including validation of corrective actions and participation in the continuous monitoring process
Perform security and privacy risk analyses and technical assessments to identify weaknesses, deficiencies, and gaps, and recommend cost-effective and compliant safeguards
Provide continuous monitoring oversight, including review of vulnerability scan results for applications, networks, and databases, ensuring findings are addressed in accordance with security and privacy policies
Maintain an inventory of hardware and software within the system security boundary and coordinate with system owners, records management, and enterprise architecture stakeholders
Develop, coordinate, test, and train on Contingency Plans and Incident Response Plans, and support incident response and continuity activities
Conduct and oversee Privacy Threshold Analyses (PTAs) and Privacy Impact Assessments (PIAs), and remain current with evolving OMB policies, NIST guidance, and federal privacy laws
Apply and interpret law enforcement and federal privacy requirements, including Criminal Justice Information Services (CJIS) Security and Privacy Policy, and support compliance within a Legislative Branch environment
Support High Value Asset (HVA) identification and categorization using privacy, legal, and risk-based frameworks
Develop, update, and maintain privacy directives, policies, and SOPs, including translating approved privacy policy into actionable operational procedures
Integrate privacy-by-design principles into the System Development Life Cycle (SDLC), ensuring privacy requirements are addressed throughout system planning, development, testing, deployment, and maintenance
Review, update, and deliver enterprise privacy training programs, including privacy awareness, advanced privacy training, records management, data collection practices, and role-based training models tailored to Legislative Branch versus DoD applicability
Coordinate with internal and external stakeholders to complete mandatory agency data calls, audits, and reporting requirements in a timely manner

Qualification

Risk Management Framework (RMF), Federal privacy laws, NIST SP 800-53, Cybersecurity Awareness Training (CSAT), FISMA, NIST publications, Technical analysis reports, Vulnerability assessments, Policy writing, Relationship management, Business acumen, CIPP/G/US Certification, FedRAMP, ServiceNow, BSD/UNIX, Windows, Linux, Communication skills, Critical thinking, Adaptability, Team collaboration

Required

8+ years of professional experience with at least 5 years supporting ISSO RMF activities
Bachelor's Degree or 4 years of additional experience in lieu of a degree
Knowledge of and proficiency in federal government privacy programs, with working knowledge of privacy laws and regulations and their relationship to the Privacy Act of 1974 and the E-Government Act of 2002
A demonstrated understanding of information privacy, including information access, the release of information, and implementation of control technologies as they apply to privacy information contained in electronic and non-electronic media
Experience with Cybersecurity Awareness Training (CSAT) related privacy initiatives, including evaluation of training effectiveness, data collection practices, and selection of appropriate privacy training models
Experience with HR privacy and behavioral privacy considerations related to workforce data and monitoring activities
Thorough understanding and knowledge of FISMA, NIST RMF and Security and Privacy Assessment and Authorization (SPA&A) processes
Experience with NIST publications, OMB circulars and memoranda, and CNSS publications and their requirements and impact on system security
Proficiency in writing technical analysis reports with strong written and oral communication skills
Ability to work quickly, efficiently, and accurately in a dynamic and fluid environment
Good relationship management, business acumen, judgment, and ability to think critically
US Citizen with Public Trust eligibility required

Preferred

Preferred certifications CRISC, CAP, CISSP, or equivalent
Experience with FedRAMP and cloud service providers
Experience with CSAM and ServiceNow
Experience with vulnerability assessments tools such as Nessus and/or Qualys
Experience in administering BSD/UNIX, Windows, Windows NT, Linux, or other open-source compliant systems
Policy writing background is highly preferred
CIPP/G/US Certification is a PLUS

Benefits

Health/Dental/Vision
401(k) match
Paid Time Off
STD/LTD/Life Insurance
Referral Bonuses
Professional development reimbursement
Parental leave

Company

Tyto Athene, LLC

At Tyto Athene, we help turn Data to Dominance.

Funding

Current Stage
Late Stage

Leadership Team

Dennis Kelly, Chief Executive Officer
Peter O'Donoghue, Chief Technology Officer
Company data provided by crunchbase