Senior ISSO
Company: ECS
Location: Seaside, CA 93955
Description:
ECS is seeking a Senior ISSO to work in our Seaside, CA office.
Promote the DHRA/DMDC Risk Management Framework maturity.
Serve as a principal ISSO to one or more Boundary/System Owner and ISSM on all matters (technical or otherwise) involving the security
Provide Risk Management Framework (RMF) support to assigned DMDC/DHRA Information Systems, ensuring that System/Product Owners maintain an appropriate operational cybersecurity posture.
Ensure control(s) assurance for the given systems' Common and Inherited Controls and Reciprocity.
Ensure systems are operated, used, maintained, and disposed of in accordance with DMDC and DHRA security policies and practices.
Determine information security requirements by evaluating DHRA/DMDC business strategies and requirements, researching information security standards, conducting system security and vulnerability analyses and risk assessments, assessing industry architectures/platforms and relative security benefits, and identifying architecture/platform integration issues that prevent the strongest possible security posture.
Monitor compliance and conduct partial or full Control Assessments for a given boundary, as requested.
Understand, review and provide guidance for any artifact, such as but not limited to Data Flow Diagrams, Network Diagrams, Internal/External connections, configuration logs, security and monitoring logs, etc.
STIGs: Utilize the assigned tool, such as eMASSTER, to generate STIG results and assigned actions for remediation.
POA&Ms: Develop and track compliance for new and existing POA&Ms for a given boundary's identified weaknesses or findings.
Review POA&M status at the prescribed frequency, and engage staff members across the enterprise to ensure POA&M dates are achieved on time and are documented in eMASS.
Manage ServiceNow ticket queues for the cybersecurity Risk Management Branch and review/validate user access rights.
Create presentations and/or metrics as requested.
Create weekly, monthly and in-progress review presentations, as needed.
Create and/or maintain documentation.
Salary Range: $140,000-$170,000
General Description of Benefits
Must be a US citizen per contract, possess a Secret Clearance, and be willing to acquire and maintain a DoD Top Secret clearance if requested.
Bachelor's degree in computer science, cybersecurity, information security, or similar discipline AND 5+ years of cybersecurity experience, in support of the DoD or other federal clients. Education/Experience substitution allowable.
Active DoD 8570 certification minimum compliance, including at least one of the following certifications in good standing: CASP+ CE, CISSP, Security+.
Firm understanding of the NIST Special Publications, DoD Risk Management Framework (RMF) processes and NIST 800-53 security controls.
5+ years of experience as an ISSO, ISSM, SCA, or RMF Auditor.
Broad technical knowledge is required in order to review DISA Security Technical Implementation Guides (STIGs).
Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders.
Capacity to thrive in a complex, fast-paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions.
Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk.
Knowledge of DoD cybersecurity policies, practices, and requirements.
Excellent written and verbal skills are required.