Information Systems Security Officer (ISSO)
Colorado Springs, CO, United States
Location: Colorado Springs, Colorado
* Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards
* Lead and implement the Assessment and Authorization (A&A) processes under the Risk Management Framework (RMF) for new and existing information systems
* Facilitates development of Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), and Risk Acceptance Letters (RAL), and supports Continuous Monitoring (CONMON)
* Oversees configuration management of assigned systems and audits systems to ensure security posture integrity
* Partner with Information Technology, Program Engineering, and Management on security requirements
* Conduct risk assessments and investigations, execute appropriate risk mitigations, and oversee incident response activities
* Conducts periodic hardware/software inventory assessments
* Serves as organization spokesperson on advanced projects and programs. Acts as advisor to management and customers on advanced technical research studies
* Interfaces with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements
* Maintain and enforce all Information System Security policies, standards, and directives to ensure assessment and authorization of information systems processing classified information
* IAM Level 1 DoD 8140.01 (previously 8570.01) compliant certification (e.g. CAP, GSLC, Security+ CE, CISSP, CASP, CISM)
* 3+ years of experience utilizing security-relevant tools, systems, and applications in support of Risk Management Framework (RMF), including Nessus, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS
Preferred Qualifications (Desired Skills/Experience):
* Bachelor's degree or higher
* Experience with cybersecurity policies and implementation of Risk Management Framework (RMF): e.g. DAAPM, CNSSI 1253, ICD-503, JSIG, and/or NIST SP 800 series
* Experience as an Information System Security Officer (ISSO) implementing or managing cybersecurity requirements on classified systems under JSIG, NISPOM, ICD 503, and/or CNSSI 1253
* Experience in assessing and documenting test or analysis data to show cybersecurity compliance
* Demonstrated experience leading audits conducted by external stakeholders