ISSO Job Description for DHS OCISO Support
The successful candidate shall provide direct support to the DHS OCISO Compliance team. Our client OCISO currently has 39 systems in various phases of implementation. The ISSO shall provide support for compliance assessment of the severity of weaknesses/deficiencies in information systems, and prepare security assessment reports (produced by Security Assessors) containing results and findings from the assessment. These reports will be used to determine the overall effectiveness of security controls associated with each information system (including system-specific, common, and hybrid controls) assessed and provide credible and meaningful inputs to the OCISO's risk management process.
Specific tasks are detailed below. The ISSO shall work with the client OCISO to audit/review ATO packages on all assigned systems at the time of any document review request(s).
Documentation Compliance Review
The Contractor ISSO shall work with the government client OCISO to audit/review ATO packages on all designated systems at the time of any document review request(s). Reviews will be conducted utilizing IACS for completeness and clarity, including but not limited to the assessment categories listed below:
- Privacy assessment (if applicable)
- Continuous Monitoring Plan
- Contingency Plan
- Contingency Plan Testing
- Configuration Management Plans testing and completeness
In addition to conducting assigned reviews and assessments, the Contractor ISSO shall:
- Provide guidance to DHS sub-components regarding document review remediation, as well as train them in the document review process used in support of the annual Information Security Performance Plan.
- Make recommendations to improve the quality and reduce the time of document reviews.
- Improve overall OCISO information security posture and performance.
- Complete weekly progress reports on the status of all compliance reviews.
Nessus Scan Review
ISSO shall review Nessus scans for anomalies, open ports, encryption in use, identified vulnerabilities, authorized accounts, privileged accounts, and SSL configuration settings.
ISSM / ISSO Support
ISSO shall support and offer FISMA compliance guidance to sub-component ISSMs and ISSOs as directed by the client OCISO.
ISSO shall perform final documentation review and provide the following reports:
- Component-level remediation efforts
- Assisting Components with developing, improving, and reviewing Plans of Action and Milestones (POA&Ms), ensuring quality standards are met for designated Financial Systems in accordance with OMB A-123, as required
- Information security weaknesses and supporting compliance activities
Metrics and Strategies
ISSO shall recommend improvements and metrics for tracking progress on remediating information security weaknesses, as well as recommend strategies for evaluating overall Department and Component risks associated with outstanding weaknesses.
ISSO shall support the ISO Inventory Management Team to identify and validate component information system assets, including:
- Walkthrough inspection(s) of the information system facility, and interviews with key personnel such as the ISSM, technical personnel, and the system owner
- Conducting outreach and assistance visits
Tools and Security Clearance Requirements:
All personnel shall have:
- Relevant experience, including hands-on use of the Xacta IA tool and developing C&A and ATO packages in accordance with NIST SP and FISMA compliance guidelines. Experience with DHS 4300A is a plus.
- A Secret or Top Secret national security clearance.
- DHS Secret EOD or DHS Top Secret EOD preferred.
Minimum Experience Requirements:
- Minimum/General Experience: A minimum of 8 years of experience is required.
- Minimum Education: A Master's Degree in an appropriate discipline or industry-equivalent experience is required.