Job Description
SeKON is seeking a skilled Information Systems Security Officer (ISSO) to enhance our dynamic team, dedicated to supporting the Defense Health Agency (DHA). With a rich legacy spanning over two decades, SeKON stands at the forefront of health IT, delivering comprehensive solutions to a broad range of federal government clients, including the Centers for Disease Control (CDC), Centers for Medicare and Medicaid Services (CMS), National Institutes of Health (NIH), and particularly the Defense Health Agency (DHA). Our vision, "To be the premier management and technology consulting firm providing solutions that improve quality of life and work," reflects our commitment to excellence and innovation.
Integral to our mission is the lifecycle management of the Defense Healthcare Management Systems Modernization (DHMSM) program. This ambitious initiative is focused on competitive procurement, rigorous testing, and seamless delivery of a cutting-edge electronic health record (EHR) system. Collaborating closely with DHA, military services, and industry partners, DHMSM is crafting a strategic approach to deploy and sustain this modernized EHR. Our goal is to ensure its effective integration into the military healthcare environment, minimizing disruption and maximizing efficiency in service delivery.
REQUIREMENTS:
- Must have an active Department of Defense (DoD) clearance
- Must have a DoD 8570 certification (Security+ minimum)
- 3+ years of specialized Information Assurance experience for Department of Defense IT systems
- Undergraduate degree in cyber security, IT, Computer Science, or a related field preferred but not required
- Experience performing IAVA (Information Assurance Vulnerability Alert) management
- Experience conducting the RMF (Risk Management Framework) process throughout the entire lifecycle, including IATT, ATO-C, ATO, ASR, and DATO, as well as continuous monitoring
- NIST, DISA, and DoD Security Standards and Risk Management Framework (RMF) processes
- Working and documenting Risk Management Framework processing with end results achieving an Authority to Operate (ATO)
- Cyber security management using the Enterprise Mission Assurance Support Service (eMASS) repository
- Network security, continuous monitoring, system auditing, and security policy development
- Compliance scanning tools (ACAS, Fortify); running scans, evaluating results, and determining remediation steps
- Writing POAMs, including detailed justifications for program-required non-compliant items
- Thorough understanding of and experience with the Federal Information Security Management Act (FISMA)
- Vulnerability remediation activities, scanning and analysis, and STIG/Manual Checklist auditing
- Ability to work on multiple projects concurrently within deadlines while ensuring that complex information is conveyed in a clear, accurate, and concise manner in both normal and crisis situations
- Skill in the use of various types of office automation, to include Microsoft Suite (PowerPoint, Word, Excel, Visio, Project, and Access)
- Superior verbal and written communication and customer service skills including presenting to senior government officials
- Ability to work collaboratively and proactively with customers and program office members in a multi-vendor environment
- Serve in a variety of ad hoc roles including participating in and contributing to proposal efforts and hiring processes
DESIRED SKILLS:
- Additional 8570 certifications such as CISSP, CISM, CAP
- Experience supporting DHA (Defense Health Agency)
- Experience in DoD Healthcare IT and/or electronic health record (EHR) systems
- Experience with the IBM ‘Jazz’ tool suite
- Cerner Millennium EHR
- Interoperability with other defense agencies including VA (VISTA) and Defense Information Systems Agency (DISA)
KNOWLEDGE OF:
- Industry best practices such as ISO, CMMI, Lean Six Sigma, and agile scrum
- System Development Lifecycle (SDLC) Requirements, use cases, release management, testing, risk management, change management, and configuration management experience
- Service Oriented Architecture (SOA), Web Applications, Security Architecture, Relational databases
- Installing, managing, maintaining, administering, and troubleshooting applications, and documenting technical guides
- Software Development and Documentation Standards (SDDS)
- Department of Defense (DoD) Acquisition lifecycle, working in major acquisition
- Program/system(s) adherence with DoDI and DoDD
remote work