ISSO

The Information System Security Officer (ISSO) serves as the principal advisor to the Information System Owner (SO) and Information System Security Manager (ISSM) on all matters, technical and otherwise, involving the security of an information system. The candidate is responsible for ensuring the implementation and maintenance of security controls in accordance with the NIST 800-53 and EOUSA policies. Prepares, reviews, and updates system authorization packages in Cyber Security Assessment and Management (CSAM). Conducts continuous monitoring activities for agency system including, internal system and FedRAMP system. Conducts system procedures, documentations, control implementation statements, annual self-controls assessment, Plan of Actions and Milestones (POA&M) review, Audit log review and vulnerabilities scan review according to National Institute of Standards and Technology (NIST) requirements. Conducts Security Impact Analysis (SIA), Risk Assessment, Risk Based Accepted, and Security Technical Implementation Guides (STIG) Review, when changes occur that might affect the authorization determination of the information system(s). Coordinates any changes or modifications to hardware, software, or firmware of a system with the PMs, Security Officer and SO prior to the change. Performs security related tasks which include documentation, vulnerability scan review, assessment support, patch management, and auditing as required.