Information System Security Officer jobs in United States

Zermount, Inc. · 2 months ago

Information System Security Officer

Zermount, Inc. is a military-friendly company seeking an Information Systems Security Officer (ISSO) to support the full lifecycle of security assessment and authorization activities. The ISSO will ensure compliance with federal cybersecurity standards, manage risk assessments, and develop necessary security documentation and reports.

Cyber Security, Information Technology, Network Security
No H1B; U.S. Citizen Only

Responsibilities

Lead and conduct Pre-Security Assessment and Authorization (A&A) activities, including stakeholder identification, change request submissions, appointment memorandums, and IT Security Kickoff meetings
Supports the ISBO in day-to-day IT security activities
Assists the ISBO with reviews of the security posture of the system and reports any findings to the ISBO, CISO, and the AO
Conduct Information System Categorization by identifying information types, completing FIPS-199 assessments, and facilitating Business Impact Analyses (BIA), Privacy Threshold Analyses (PTA), and Privacy Impact Assessments (PIA)
Develop and maintain system security documentation, including:
System Administration Plan (SAM)
Configuration Management Plan (CMP)
IT Contingency Plan (ITCP)
Information Security Continuous Monitoring (ISCM) Plan
Incident Response Plan (IRP)
Security Assessment Report (SAR)
System Security Plan (SSP)
Coordinate initial and annual ITCP testing in collaboration with the OCIO Business Continuity and Disaster Recovery (BCDR) Office
Develop and manage inter-agency agreements and documentation such as MOUs, MOAs, ISAs, IT Security Waivers, and Risk Acceptance Memorandums
Document and maintain Security Control Implementation details, ensuring updates are made according to required frequency
Coordinate vulnerability and compliance scans, Security Control Assessments (SCA), and track remediation efforts with the IT Security Test Team
Manage and update Plan of Action and Milestones (POA&M) entries, submitting remediated findings for closure
Prepare and present SAR to Authorizing Officials to obtain or renew ATO
Perform Information Security Continuous Monitoring (ISCM) activities to ensure ongoing compliance and security posture of systems
Develop and update the project schedule, including A&A / SCA tasks and milestones, task dependencies, and personnel resources
Conduct A&A activities and tasks and obtain ATO in line with NIST and client guidance and directives
Determine the baseline IT Security requirements for IT Systems, identify system boundaries, determine information categories, and assist with FIPS-199
Ensure that IT Systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices
Enforce security policies and safeguards on all personnel having access to the IT System for which the ISSO has responsibility
Ensure users and system support personnel have the required authorization and need-to-know; have been indoctrinated; and are familiar with internal security practices before access to the IT System
Implement security controls based on IT System FIPS categorization
Document security control implementation in the system's Security Plan using the client's GRC tool
Document system's risk assessment per client directives and requirements
Review and monitor system security and audit logs
Develop and maintain Plan of Actions and Milestones (POA&Ms) for IT systems
Update A&A documentation and artifacts on a regular basis (e.g. annually, after approved change)

Qualification

Information Security, NIST RMF, Security Assessment, Vulnerability Management, POA&M Management, Security Documentation, Audit Log Reviews, Communication Skills, Problem Solving, Team Collaboration

Required

A minimum of five (5) years of demonstrated experience in the Information Security or IT field
Demonstrates a proficiency with developing, maintaining and managing SA&A packages
Experience with developing and managing POA&Ms
Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment
Strong understanding of federal cybersecurity frameworks (e.g., NIST RMF, FIPS-199, FISMA)
Experience in developing and maintaining security documentation and plans
Possess experience conducting CPTs
Experience conducting audit log reviews
Technical experience with conducting vulnerability management, compliance scanning, and providing mitigation techniques
Excellent communication and coordination skills with technical and non-technical stakeholders
Ability to manage multiple systems and projects simultaneously in a dynamic environment
Excellent communication (written and verbal) skills
A minimum of one (1) certification that meets DOD 8570 IAT Level II requirements (e.g., Security+, GSEC, CASP), or any equivalent or more advanced certification
Client Suitability and Public Trust

Preferred

Military Friendly & Preferred - Hoh Sponsor

Company

Zermount, Inc.

Zermount, Inc., a Certified SDVOSB, was founded by Terry Butler, a proven leader and Cybersecurity/Information Technology (IT) professional with over 15 years' experience supporting the Federal Government and commercial clients.

Funding

Current Stage
Growth Stage

Leadership Team

Terry Butler
CEO
Company data provided by crunchbase