Address
Form of workJob Description
We connect our employees with some of the best opportunities around.
Time and time again, our employees tell us that the most important thing we offer is respect. Federal Staffing Solutions puts people to work in all types of jobs. When you work with us, you build a relationship with a team of employment professionals in your community who have, in turn, built personal relationships with the businesses that are hiring.
We are looking for an OPR ISSO to work onsite in Miami, FL supporting our client.
Qualifications:
• A minimum of a Bachelor’s degree coupled with 8 - 12 years’ experience in the Information Technology arena or Masters Degree with 6+ years of relevant experience.
• Minimum of 5 years of experience as an ISSO supporting major federal information systems/applications
• Bachelor Degree in Computer Science, IT, Information/Cyber Security field from an accredited college or university
• Knowledge with auditing security controls and financial processes
• Superior writing, communication and critical analysis skills
• Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures
• Working knowledge of the following policies: NIST SP 800-37, Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy, DHS 4300A Policy and Handbook, CBP Information Systems Security Policies and Procedures Handbook (HB 1400-05),
Candidates shall possess and maintain one of the following professional certifications: • CompTIA Certified Advanced Security Practitioner (CASP+) • ISC2 Certified Authorization Professional (CAP) • ISC2 Certified Cloud Security Professional (CCSP) certification (The following certification is highly desired, but not required.) • ISACA Certified Information Systems Auditor (CISA) - ONSITE REQUIREMENTS: 5 days/week for 90 days then 2 day/week (Maybe < 90 days if known ISSO) Preferred Qualifications: • ISC2 Certified Authorization Professional (CAP) or ISC2 Certified Cloud Security Professional (CCSP) certification or CompTIA Certified Advanced Security Practitioner (CASP+)
Essential Requirements: US Citizenship is required.
Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job with or without reasonable accommodation. While performing the duties of this job, the employee will regularly sit, walk, stand and climb stairs and steps. May require walking long distance from parking to work station. Occasionally, movement that requires twisting at the neck and/or trunk more than the average person, squatting/ stooping/kneeling, reaching above the head, and forward motion will be required. The employee will continuously be required to repeat the same hand, arm, or finger motion many times. Manual and finger dexterity are essential to this position. Specific vision abilities required by this job include close, distance, depth perception and telling differences among colors. The employee must be able to communicate through speech with clients and public. Hearing requirements include conversation in both quiet and noisy environments. Lifting may require floor to waist, waist to shoulder, or shoulder to overhead movement of up to 20 pounds. This position demands tolerance for various levels of mental stress.
Job Duties:
• Develop, draft, review and endorse all information systems security plans and other security authorization artifacts and documents such as:
• Standards for Security Categorization of Federal Information and Information Systems (FIPS 199) Assessment
• E-Authentication Determination
• Privacy Threshold Determination
• Privacy Impact Assessment (PIA)
• Risk Assessment Plans
• System Security Plans
• Controls Testing (Security Test and Evaluation (ST&E)) Plans
• Configuration/Change Management Plans
• Contingency Plans
• Contingency Plan Test and Test Results
• Section 508 of the Rehabilitation Act plans
• Plans of Actions & Milestones (POA&Ms)
• Policy waiver and risk acceptance requests
• Ensure that assigned systems are operated, maintained, and disposed of in accordance with applicable policies and procedures NIST SP 800-37, Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
• Develop, review, maintain, and provide system security documentation for assigned systems, including System Security Plans, Interconnection Security Agreements, Contingency Plans, Plans of Action and Milestones, (POA&M), Waivers, and Exceptions through the FISMA system management tool in use to implement and manage the NIST Risk Management Framework.
• Assist the Government with the reporting and management of system level security violations and incidents.
• Assist the Government with the technical security evaluation of threats and vulnerabilities involving new/enhanced technology.
• Assist the Government with providing oversight to vulnerability scanning processes and procedures and security patch management/flaw remediation processes and procedures.
• Assist with development of cyber security SOPs, playbooks, work instructions, and other procedures and processes to mature cyber security capabilities.
