Maveris

Information System Security Officer, ISSO

full-time

Origin: 🇺🇸 United States • District of Columbia, Illinois


Job Level

Mid-Level, Senior

Tech Stack

Cloud, Cyber Security

About the role

  • Operate as the primary security point of contact for the system and act as a liaison between the system team and the agency's security and authorizing officials.
  • Develop and maintain the System Security Plan (SSP), which is the core document for the ATO package.
  • Ensure that a comprehensive Contingency Plan (CP) is developed to outline procedures for system recovery in the event of a security incident or disaster.
  • For systems handling personally identifiable information (PII), ensure a Privacy Impact Assessment (PIA) is completed to assess and mitigate privacy risks.
  • Based on the system's security categorization (low, moderate, or high), work with the system team to select and implement the appropriate security controls from NIST Special Publication 800-53.
  • Develop and manage the plan for continuous monitoring, which ensures that security controls remain effective and that the system's security posture is maintained post-ATO.
  • Support the security assessor team (internal or third-party) during the security assessment. This involves providing system documentation and evidence to demonstrate that controls are implemented correctly and are operating as intended.
  • Coordinate and oversee vulnerability scans and penetration tests to identify weaknesses in the system.
  • For any security weaknesses identified during the assessment, the ISSO is responsible for developing and tracking the Plan of Action and Milestones (POA&M). This is a remedial action plan that details how and when the weaknesses will be mitigated.
  • The ISSO continuously assesses the system's risk posture and provides a recommendation to the Authorizing Official (AO) regarding the system's readiness for an ATO.
  • Compile the final ATO package, which includes the SSP, assessment reports, and POA&M, for review by the AO.

Requirements

  • Bachelor's Degree or higher - equivalent experience may be considered in lieu of a degree.
  • 5+ years of ISSO experience with a federal information system.
  • Cybersecurity certifications such as Security+ or similar are a plus.
  • Understanding of cybersecurity tooling, especially Palo Alto products such as Prisma Cloud.
  • Experience with Agile project management methods and frameworks such as SCRUM and SAFe is preferred.
  • Working knowledge of program/project management software (Microsoft Project, Jira, Microsoft 365/Teams applications, etc.)
  • Exceptional written and verbal communication skills.
  • Strong planning, organizational, and time management skills.
  • Exceptional analytical and conceptual thinking skills.
  • Strong leadership skills and ability to work collaboratively with a team of peers.