Information System Security Officer – Mid
Washington, Washington, United States of America
Full Time
4 days ago
$90,300 - $189,600 USD
No Visa Sponsorship
Key skills
CloudCyber SecurityLeadershipRisk ManagementCloud Security
About this role
Role Overview
- execute Risk Management Framework activities for ATO decisions
- ensure systems meet compliance requirements
- ensure confidentiality, integrity, and availability of FEMA Information Systems
- implement security controls and conduct system assessments to identify vulnerabilities and gaps
- develop and maintain System Security Plans, Configuration Management Plans, and Contingency Plans
- conduct Security Impact Analyses and test configuration changes pre
- and post-deployment
- support continuous monitoring of IT systems
- develop and track POA&Ms for identified vulnerabilities
- develop security requirement traceability matrices
- manage hardware and software inventory lists
- support cloud security initiatives
- participate in Change Advisory Board (CAB) reviews
- conduct technical vulnerability assessments
- provide audit support documentation
- respond to cybersecurity data calls with timely information to leadership
- prepare Security Test Plans 90 days prior to testing and Security Test Reports within 15 days after testing
- generate POA&Ms within 0 to 15 days after vulnerability identification
- update System Security Plans, Configuration Management Plans, and Contingency Plans annually or when changes occur
- conduct Security Impact Analysis Reports within 5 business days after change notification
- analyze Risk Assessment Reports and FISMA Scorecard Analysis on a daily basis
- produce Weekly Activity Reports and Monthly Program Reports
Requirements
- U.S. Citizenship required
- Active Secret security clearance required
- FEMA EOD suitability or Current DHS or FEMA EOD preferred
- BS/BA + 10 years of applicable experience or equivalent combination
- Must have one of the following Information Assurance Technician (IAT) Level III qualifications:
- Certified Information System Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- CompTIA Advanced Security Practitioner (CASP+)
- Minimum 5 years of experience in information security
- Demonstrated expertise in RMF, Information Security processes, FISMA, NIST SP 800-37, NIST SP 800-53
- Experience developing security documentation including SSPs, POA&Ms, and Contingency Plans
- Knowledge of DHS 4300 Series and federal cybersecurity requirements
- Experience with continuous monitoring and vulnerability management
Tech Stack
- Cloud
- Cyber Security
Benefits
- healthcare
- wellness
- financial
- retirement
- family support
- continuing education
- time off benefits