Abile Group has an exciting and challenging opportunity for an Information System Security Officer (ISSO) on a 10 year contract providing User Facing and Data Center Services supporting an Intelligence Community customer. All the personnel on the team will work together to support innovative design, engineering, procurement, implementation, operations, sustainment and disposal of user facing and data center information technology (IT) services on multiple networks and security domains, at multiple locations worldwide, to support the IC mission.
The right candidate will possess the below skills and qualifications and be ready to handle all responsibilities independently and professionally.
- Supports the control assessment, reporting and monitoring processes using the Cyber Security and Assessment Management (CSAM) system
- Assists the component with staying on track with Core Controls and A-123 control assessment schedules
- Works with components to ensure each Risk Based Decisions (RBD's) has a current Waivers.
- Coordinates with CSS Customer Liaison support, including status of the process and POA&Ms.
- Supports and documents security controls tests, assist in remediation and ensure that POA&Ms are being appropriately managed.
- Develops or updates the Business Continuity and Contingency Plan for the component.
- Assists the components with decisions that affect security of their systems and networks.
- Facilitates preparations for the tri-annual Security Assessment and Authorization (SA&A) component's Information System.
- Conducts assessments of information systems security requirements, evaluates current security posture and recommends priorities for remediation.
- Reviews information system infrastructure and application architecture to assess security requirements
- Reviews existing SA&A documentation, Security Assessment Report and security infrastructure (i.e. IDS, firewalls, vulnerability scan tools, etc.)
- Assesses NIST 800-53, Rev 4. Control and document results
- Evaluates and strengthens standard SA&A Documentation
- Perform and document risk assessments, analyzing security vulnerabilities, and the metrics to measure the risks associated with those vulnerabilities;
- Based on the risk profile of the analyzed systems, develops and documents a Plan of Action and Milestones (POA&M) for mitigating those risks;
- Designs and develops comprehensive Systems Security Plan, covering at a high level the infrastructure, policies and procedures which define the systems security profile for the analyzed systems;
- Develops Systems Security Users Guides specific to selected networks, desktop computers, servers and data base systems; Designs, develops, and validates System Test and Evaluation (ST&E) reviews for new and/or legacy systems.
- Reviews and conducts NIST-based Self Assessments, identifies any weaknesses which need to be addressed, and develops a POA&M for each of those weaknesses based on industry best practices.
- Designs and develops Initial Privacy Assessment (IPA) and Privacy Impact Assessments (PIAs) for each major Federal Government IT Systems Developing and conducting System Test and Evaluations (ST&Es) and Independent Verification and Validation (IV&Vs) of the security profiles of Federal Government IT Systems
- Conducts OMB A-123 security assessments of Federal Government IT Systems.
Clearance Required: TS/SCI clearance required and eligibility to obtain/maintain a CI Poly
Degree and Years of Experience: Bachelor's Degree in Computer Science or related technical discipline and 8+ years of experience
Required Certifications (in one of the following disciplines):
- ISACA - Certified Information Systems Auditor (CISA)
- ISACA - Certified in Risk and Information Systems Control (CRISC)
- ISACA - Certified Information Security Manager (CISM)
- ISACA - Certified in Governance of Enterprise IT(CGEIT)
- (ISC)2 - Certified Information Systems Security Professional (CISSP)
- (ISC)2 - Certified Authorization Professional (CAP)
Required Skills:
- 8+ years' experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful certification and accreditation or security authorization of such systems.
- 8+ years' experience assessing and enhancing IT systems security policies and procedures in response to the regulatory requirements associated with Federal and International standards.
- 8+ years IT Security experience with extensive knowledge in security regulations and security assessments having developed numerous security C&A (or SA&A) and ATO on a range of systems including classified systems.
- Strong working knowledge with NIST Special Publications and the NIST SP 800-37 SA using CSAM system.
- On-site visits at Quantico may be required.
Abile Group, Inc. was formed in July 2004 to partner with the Intelligence Community and their Contractors in the areas of Enterprise Analytics & Performance Management, IT & Systems Engineering and Program & Project Management. We have significant experience with the Federal Government and are an EDWOSB dedicated to our employees and clients. We are looking for high performing employees who enjoy providing advice and guidance along with solutions development and implementation support, crafted by combining industry best practices with the clients’ subject matter experience and Abile’s breadth of expertise.
Abile Group, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Anyone requiring reasonable accommodations should email careers@abilegroup.com with requested details. A member of the HR team will respond to your request within 2 business days.
Please review our current job openings and apply for the positions you believe may be a fit. If you are not an immediate fit, we will also keep your resume in our database for future opportunities.