Information System Security Officer

Are you looking to elevate your cyber career? Your technical skills? Your opportunity for growth? Deloitte’s Government and Public Services Cyber Practice (GPS Cyber Practice) is the place for you! Our GPS Cyber Practice helps organizations create a cyber minded culture and become stronger, faster, and more innovative. You will become part of a team that advises, implements, and manages solutions across five verticals: Strategy, Defense and Response; Identity; Infrastructure; Data; and Application Security. Our dynamic team offers opportunities to work with cutting-edge cyber security tools, and grow both vertically and horizontally at an accelerated rate. Join our cyber team and elevate your career.

THE TEAM

Deloitte’s Government and Public Services (GPS) practice – our people, ideas, technology and outcomes—is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of more than 15,000 professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.
At Deloitte, we believe cyber is about starting things—not stopping them—and enabling the freedom to create a more secure future. Our Cyber Application Security team advises federal clients on integrating security activities throughout the software development lifecycle to enable the design, build, and deployment of secure applications. Our team focuses on concept and requirements, design and development, verification, production and maintenance, and retirement. If you’re seeking a career in vulnerability management, quality assurance, or GRC tools, then Application Security at Deloitte is the offering for you.

REQUIRED SKILLS :

• MA/MS degree
• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
• Active Secret security clearance required
• 10+ years of experience with implementation of the required government policy (i.e., NISPOM, NIST 800, JSIG)
• Detailed understanding of how to prepare and review Security test and Evaluation (ST&E) plans and test reports, analytical evaluation of systems’ applicable RMF controls and mitigations, system hardening procedures, and development of Cyber requirements.
• 5+ years experience (4 years of experience may be used in lieu of degree) with Cybersecurity, The Risk Management Framework, Program Security, and Controlling, labeling, virus scanning, and appropriately transferring data (upload/download) between Information Systems at varying classification levels
• 10+ years of experience with DoD cybersecurity policies, manuals, and standards and developing and maintaining RMF assessment and authorization documentation through the system life-cycle including experience with DISA STIGS, eMASS and Xacta
• Competency in Microsoft Windows Server, Active Directory, VMWare, Microsoft Office, video teleconferencing/VOIP, and Microsoft Azure
  For individuals assigned and/or hired to work in Colorado, Deloitte is required by law to include a reasonable estimate of the compensation range for this role. This compensation range is specific to Colorado and takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $107,658 to $ 179,431.
  You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
  Recruiting for this position will end of July 31, 2024
  Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html

WORK YOU’LL DO:

• Assist ISSM gaining and maintaining RMF accreditation packages for current and future DCO-S tool suites, sites and networks, perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy.
• Perform passive evaluations such as compliance audits and active evaluations such as vulnerability assessments, establishing strict program control processes to ensure mitigation of risks and support obtaining certification and accreditation of systems.
• Lead support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.
• Assist in the implementation of the required government policy (i.e., NISPOM, NIST 800, JSIG), make recommendations on process tailoring, participate in and document process activities.

OUR PURPOSE

Deloitte’s purpose is to make an impact that matters for our clients, our people, and in our communities. We are creating trust and confidence in a more equitable society. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. We are focusing our collective efforts to advance sustainability, equity, and trust that come to life through our core commitments.