Information Systems Security Officer (ISSO)

Riverside Overview

Riverside Research is an independent National Security Nonprofit dedicated to research and development in the national interest. We provide high-end technical services, research and development, and prototype solutions to some of the country's most challenging technical problems.

All Riverside Research opportunities require U.S. Citizenship.

Position Overview

Support role to perform tasks related to Cybersecurity and Assessment & Authorization (A&A) to obtain and maintain Authorizations to Operate (ATOs) for assigned systems. This position will be part of a team, supporting the Information Owner, and assisting the ISSM, to implement actions needed to document current/future baselines and new capabilities in the NIST/RMF-approved process

Responsibilities

• Document and facilitate movement of multiple information systems through the RMF process and maintain authorizations through continuous monitoring and annual reviews
• Promote solutions to complex problems (broadly defined) that require the regular use of expertise, creativity, specialized theories and knowledge
• Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities
• Participate in risk and vulnerability assessments (as required) of information systems to identify vulnerabilities, risks, and protection needs
• Actively lead and participate in regular A&A status meetings with government and contract personnel to facilitate progress and address potential issues of RMF system efforts
• Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies
• Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes
• Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
• Assess system compliance against NIST, DoD, and NSA security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
• Analyze security controls and the impact of significant changes would introduce to the environment
• Produce evidence as necessary to support compliance status of NIST, DoD, and NSA security compliance
• Work with system administrators, engineers, and developers to create or update system/site policies, procedures, and process guides
• Coordinate with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories
• Evaluate potential security risks and make recommendations regarding corrective, mitigation, and recovery actions
• Lead or attend meetings with system stakeholders to discuss status of efforts
• Maintain reports to leadership regarding system/program status
• Assist other BIG SAFARI programs/projects with A&A efforts (as directed

Qualifications

• A minimum of 8 years of related experience with a Bachelor's degree, 6 years with a Master's degree, a PhD with 3 years' experience, or equivalent experience is typically required
• Working knowledge of Cybersecurity / Information Technology, or four (4) years of hands-on experience with RMF, Cybersecurity/Information Technology
• Must have a TS/SCI
• Demonstrated efficiency and experience in RMF package development, including Plans of Actions and Milestones, Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes
• Familiarity and/or experience with XACTA, eMASS, etc
• Familiarity with NIST publications, DISA STIGS, and SRGs
• Experience in assessing controls/systems using NIST 800-53 and/or DISA STIGs and SRGs
• Excellent customer service and organization skills
• Excellent oral and written communication skills
• Ability to travel up to 25% (CONUS/OCONUS)

Global Comp

$115,000 - $140,000 This represents the typical compensation range for this position based on experience, location and other factors.

Closing Statement

Riverside Research Institute is a not-for-profit, technology-oriented defense company, where service to our customers and support of our staff is our overall mission. Riverside is an affirmative action-equal opportunity employer and complies with all applicable federal, state, and local laws regarding recruitment and hiring. Riverside offers comprehensive compensation and benefit packages to our employees.
Riverside bases its employment decisions solely on technical experience, qualifications and other job-related criteria related to our organizational purpose as a not-for-profit company, and without regard to race, color, religion, age, sex marital status, sexual orientation, national origin, physical or mental disability, veteran's status or any other status legally protected by applicable federal, state, and local law.