Information System Security Officer (ISSO)
Job Location: Morrisville, NC
Safui Strategies, LLC is currently conducting a search for a Senior ISSO to support the Cyber Security program (Risk Management Office) at the United States Postal Service. The candidate will have expertise in system certification & accreditation (C&A) processes; information assurance (IA) processes; achieving system ATOs, and continuous monitoring. The successful candidate will experience an unparalleled large-scale enterprise environment with over 800 Information Technology systems, processing billions of dollars in annual revenue and supporting a diverse user base spread across the entire US. Join the Safui Strategies team to scale your career to the next level.
- The candidate will drive the review and certification of information technology systems following the USPS CISO policies and procedures (modeled based on NIST RMF).
- The candidate will manage action items, work to resolve issues, and identify and document system risks and vulnerabilities.
- Providing input to and develop, write, edit and submit documentation in support of the project deliverables.
- Candidate must be able to clearly define tasking, communicate topics to leadership through concise and succinct presentations, to organize meeting preparation materials.
- Work closely with the system teams and program/project managers as well as interfacing with CISO and CIO stakeholders as needed.
- Oversee the information assurance (IA) program of an information system in or outside the network environment; may include recommendation and justification for procurement duties.
- Establish audit policy and reporting mechanisms for ensuring compliance with IA/IS standards by keeping current with IA/IS requirements.
- Lead the development of risk management by creating plans, procedures, protocols, and evaluation measures and ensuring there are desired levels of enterprise-wide IA/IS.
- Oversee the presence and adequacy of security measures proposed or provided in response to requirements contained in acquisition documents
- Bachelor's degree in Information Technology or a relevant Cybersecurity field, and 7+ years of overall experience.
- 5+ years of experience working as an ISSO or Information Assurance analyst.
- Strong knowledge of the NIST Risk Management Framework (RMF) and security controls is required.
- Hands on experience creating ATO packages, and continuous monitoring compliance in a large-scale enterprise environment is required.
- Experience working with leading edge technologies and innovative risk compliance and mitigation processes (automated monitoring, automated ATOs, etc.).
- Must have strong communication skills, both oral and written, with excellent interpersonal, team and organization skills.
- Must have strong knowledge of MS Office products to include PowerPoint, Word, Excel, and Outlook.
- A self-starter with proven abilities to collaborate and gather information from multiple teams.
- Certification in one or more of; Systems Security Certified Practitioner (SSCP), CompTIA Security+, CPTE - Certified Penetration Testing Engineer, CEH - Certified Ethical Hacker, or Certified Information System Security Professional (CISSP)
- Demonstrable experience with Security Operation tools inclusive of products from SPLUNK, FireEye, Looking Glass, Intel, Endgame, StealthWatch, RSA, and Tanium
- Subject Matter Expertise and experience in one or more of the following domains is highly desired:
- Cloud-based enterprise IT systems (AWS, Azure, GPC)
- Mobile solutions
- Cryptocurrency/blockchain based solutions
- SCADA system architecture
- Knowledge of the Resilience Management Model (CERT-RMM)
****Candidates must be able to obtain a Postal Sensitive Clearance (US Citizenship or Green Card required). Additionally, candidates must not have traveled outside of the USA for a combined period not to exceed 6 months within the last 5 years.***
Job Types: Full-time, Temporary
Salary: $75,000.00 to $83,000.00 /year
- working as an ISSO: 5 years (Preferred)