The ideal candidate for this Senior Information Systems Security Officer (ISSO) position will be an RMF Subject Matter Expert with an IAM Level III Certification and an Active DoD Secret Clearance. They will have expert knowledge and experience developing RMF documentation. They will have strong working knowledge of and experience using eMASS.
Summary: The Senior ISSO will work with our team of Senior Cyber Security Specialists to transition the Department of Defense, Defense Health Agency (DoD/DHA) systems from DIACAP to RMF. The ideal candidate will provide expert consultation across a wide range of cross-functional areas of Cyber Security services in support of this DHA Mission. The Senior ISSO will also provide project planning, guidance and technical expertise in the following areas: program, policy, process, and planning; risk management, auditing, and assessments; Assessment and Authorization (A&A) using the NIST Risk Management Framework (RMF) guidelines; and quality planning and control.
NOTE: This is a five-year, fully funded contract that kicked off in October of 2017.
Knowledge, Skills and Abilities:
The Senior ISSO shall perform tasks in accordance with NIST SP 800-37 requirements. The work shall be completed during the period of performance. The project will be evaluated for completeness of tasks and objectives weekly.
Ensure that the appropriate operational cybersecurity posture is maintained for assigned IT systems.
Develop, update and maintain the System Security Plan (SSP) for assigned systems to include:
Conduct Contingency Plan, Recovery Plan and Incident Response tests for assigned IT systems.
Participate in Incident Response activities for assigned IT systems.
Advise system owners on all matters, technical and otherwise, involving the security of assigned IT systems. Develop standard operating procedures in accordance with security control requirements.
Perform continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems.
Work with technical teams to mitigate security control deficiencies for assigned IT systems.
Assess the cybersecurity impact of changes to assigned IT systems.
Conduct self-assessments of security controls, identify weaknesses and track remediation activities in Plan of Action and Milestones (POA&M).
Conduct technical vulnerability assessments and prioritize and track remediation efforts.
Manage the POA&M process for designated IT systems.
Provide the required system access, information, and documentation to security assessment and audit teams.
Participate in security assessments and audits for assigned systems and facilitate obtaining evidence for data requests.
Complete required A&A (Assessment and Authorization) activities on assigned IT systems.
Assist federal staff in assessing new applications, identifying applicable NIST SP 800-37 RMF requirements and advising system owners of the process.
Assist with the development and maintenance of Operational Level Agreements (OLAs) and end-to-end Standard Operating Procedures (SOPs) to identify collaborative responsibilities and support process interaction with other Government and contractor IT groups.
Develop and maintain a detailed policy matrix mapping Federal and local policies to the required security controls as identified by National Institute of Standards and Technology (NIST) SP 800-53. Documents include but are not limited to: Standard Operating Procedures (SOPs), Agency Training (e.g., cyber awareness, computer incidents, malicious codes, etc.)
Why work for SPN Solutions?
SPN Solutions is an 8A Certified (SBA) Small Business that provides IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services to customers in the Defense, Federal Civilian Government and Commercial sectors. Our values are the standards that inform and inspire all of our activities and distinguish us as a corporation.
At SPN, we have an environment that fosters creative thinking, respects your contributions, and accepts nothing less than excellence in serving our customers. We demonstrate these core principles daily through our corporate values and culture.
SPN Solutions Inc. is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, physical or mental disability, sexual orientation, gender identity, age, marital status, medical condition, veteran status, or any other factor determined to be unlawful by federal, state, or local statutes. SPN Solutions Inc. will treat all employees equally with respect to compensation; opportunities for advancement, including upgrading, promotion and transfer, and all other terms and conditions of employment.
Job Type: Full-time
Required work authorization: