Information System Security Officer (ISSO)

Overview

Abile Group has an exciting and challenging opportunity for an ISSO on a 10 year contract providing User Facing and Data Center Services supporting an Intelligence Community customer. All the personnel on the team will work together to support innovative design, engineering, procurement, implementation, operations, sustainment and disposal of user facing and data center information technology (IT) services on multiple networks and security domains, at multiple locations worldwide, to support the IC mission.

The right candidate will possess the below skills and qualifications and be ready to handle all responsibilities independently and professionally.

Responsibilities

• Develops and coordinates all authorization documentation associated including the Systems Categorization, Systems Security Plan, and Systems risk assessment.
• Supports the control assessment, reporting and monitoring processes using the Cyber Security and Assessment Management (CSAM) system.
• Assists the component with staying on track with Core Controls and A-123 control assessment schedules.
• Works with components to ensure each Risk Based Decisions (RBD's) has a current Waivers.
• Coordinates with CSS Customer Liaison support, including status of the process and POA&Ms.
• Supports and documents security controls tests, assists in remediation and ensures that POA&Ms are being appropriately managed.
• Develops or updates the Business Continuity and Contingency Plan for the component.
• Assists the components with decisions that affect security of their systems and networks.
• Facilitates preparations for the tri-annual Security Assessment and Authorization (SA&A) component's Information System.
• Conducts assessments of information systems security requirements, evaluates current security posture and recommends priorities for remediation.
• Reviews information system infrastructure and application architecture to assess security requirements.
• Reviews existing SA&A documentation, Security Assessment Report and security infrastructure (i.e. IDS, firewalls, vulnerability scan tools, etc.)
• Assesses NIST 800-53, Rev 4. Control and documents results.
• Evaluates and strengthens standard SA&A Documentation.
• Performs and documents risk assessments, analyzes security vulnerabilities, and the metrics to measure the risks associated with those vulnerabilities.
• Based on the risk profile of the analyzed systems, develops and documents a Plan of Action and Milestones (POA&M) for mitigating those risks.
• Designs and develops comprehensive Systems Security Plan, covering at a high level the infrastructure, policies and procedures which define the systems security profile for the analyzed systems.
• Develops Systems Security Users Guides specific to selected networks, desktop computers, servers and data base systems; Designs, develops, and validates System Test and Evaluation (ST&E) reviews for new and/or legacy systems.
• Reviews and conducts NIST-based Self Assessments, identifies any weaknesses which need to be addressed, and develops a POA&M for each of those weaknesses based on industry best practices.
• Designs and develops Initial Privacy Assessment (IPA) and Privacy Impact Assessments (PIAs) for each major Federal Government IT Systems Developing and conducting System Test and Evaluations (ST&Es) and Independent Verification and Validation (IV&Vs) of the security profiles of Federal Government IT Systems.
• Conducts OMB A-123 security assessments of Federal Government IT Systems.

Qualifications

Clearance Required: TS/SCI with ability to obtain a CI Poly.

Degree and Years of Experience: Bachelor's Degree in Computer Science or related technical discipline, or the equivalent combination of education, technical certifications or training, and work experience.

• 8+ years' experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful certification and accreditation or security authorization of such systems.
• 8+ years' experience assessing and enhancing IT systems security policies and procedures in response to the regulatory requirements associated with Federal and International standards.
• 8+ years IT Security experience with extensive knowledge in security regulations and security assessments having developed numerous security C&A (or SA&A) and ATO on a range of systems including classified systems.

Required Certifications:

• Current certification in one or more of the following IT Security disciplines:
  • ISACA - Certified Information Systems Auditor (CISA)
  • ISACA - Certified in Risk and Information Systems Control (CRISC)
  • ISACA - Certified Information Security Manager (CISM)
  • ISACA - Certified in Governance of Enterprise IT(CGEIT)
  • (ISC)2 - Certified Information Systems Security Professional (CISSP)
  • (ISC)2 - Certified Authorization Professional (CAP)

Required Skills:

• Strong working knowledge with NIST Special Publications and the NIST SP 800-37 SA using CSAM system.

About Abile Group, Inc.

Abile Group, Inc. was formed in July 2004 to partner with the Intelligence Community and their Contractors in the areas of Enterprise Analytics & Performance Management, IT & Systems Engineering and Program & Project Management. We have significant experience with the Federal Government and are an EDWOSB dedicated to our employees and clients. We are looking for high performing employees who enjoy providing advice and guidance along with solutions development and implementation support, crafted by combining industry best practices with the clients' subject matter experience and Abile's breadth of expertise.

Hiring Statement

Abile is committed to hiring the most qualified and best fit person for the job - always has, always will. Anyone requiring reasonable accommodations should email careers@abilegroup.com with requested details. A member of the HR team will respond to your request within 2 business days.

Please review our current job openings and apply for the positions you believe may be a fit. If you are not an immediate fit, we will also keep your resume in our database for future opportunities.