Become part of the XLA team supporting the National Archives and Records Administration (NARA) located in College Park, MD. XLA is looking for an Information Systems Security Officer (ISSO). The ISSO will perform security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. These assessments include evaluating technological, operational, and process controls in order to evaluate the design and implementation of security controls. The individual will be responsible for risk and compliance management and reporting to include risk assessments, System Security Plans, Security Assessment Reports, Vulnerability Assessment Reports, POA&M management, ISO 27001 requirements, NIST 800 Series Special Publications, Federal Information Processing Standards (FIPS), FedRAMP Authorizations, and other regulatory compliance requirements. The individual will be responsible for assisting in federal audit that may occur during their employment.
Principle Duties and Responsibilities
- Using the NIST Risk Management Framework (RMF) to conduct assessments of Information security controls in order to measure the effectiveness of controls and identify control gaps
- Ensure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
- Preparing Security Authorization Packages and including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations and Security Authorizations memorandums
- Identify, assess, and prioritize identified risks
- Collect evidence, artifacts, and document findings to support conclusions
- Report on compliance with internal policies, controls, and standards Provide recommendations for remediation of identified deficiencies
- Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure)
- Coordinate third-party risk assessments and IT audits
- Manage remediation efforts and report on the status of control deficiencies
- Support security initiatives and global policy adherence and awareness efforts
- Support global information security metrics and reporting program(s)
- Provide security expertise to business units and key stakeholders
- Enforce policy adherence and manage formal policy exception requests
- Provide timely status updates/reporting on assessments and assigned project
Required Skills, Knowledge and Experience
- Masters in Computer Science, Information Systems, Software Engineering or other related analytical, scientific or technical discipline
- Security Industry Certifications such as CISSP
- Ten (10) years of experience in IT security, including SA&A and/or IT security risk analysis, preferably in support of the Federal Government.
- Knowledge of Federal Government SA&A practices and policies, particularly FISMA and NIST Special Publications 800 series.
- Industry recognized and accepted certifications relating to IT security preferred (CISSP, GIAC, CEH, TNCP, Security+, Network+ etc.).
- Ability to work independently and also collaborating with application developers, engineers and others.
- Must be motivated and results oriented.
- Effective written and oral communication skills.
- Previous Federal Government experience a plus.
- Experience with some of the following technologies is highly desirable:
- Xacta IA Manager and Continuum™
- Tenable Security Center
- Active TS/SCI