Performs ISSO duties with primary focus on IT security controls assessments for systems/applications in support of IT Continuous Monitoring initiatives; identifies system/application security controls deficiencies and develops POA&Ms accordingly; plays a leading role with remediating security control deficiencies with Federal Managers, System Owners, and Application and System Developers, Engineers and Administrators; ensures that all required FISMA, A-123, annual IT Security Self-Assessment documentation and reporting deadlines are achieved; develops IT system documentation (e.g., SSP, CP, CMP and SCA reports)
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Top Secret clearance is required w/ the ability to get SCI.
- Bachelors degree is preferred, CISSP, CAP, CISM or GSLC required.
- 5 years of experience is a minimum.
- Demonstrated experience as an ISSO supporting major Federal systems/applications
- Must have proven experience conducting IT security controls assessments as an IT system/application auditor in support of FISMA, A-123 and annual self-assessment (NIST 800-53) initiatives
- Experience developing, tracking and managing POA&Ms
- Experience developing system/application C&A documentation (SSP, CP, CMP, SCA reports, etc.)
- Demonstrated ability to analyze, recommend and apply technology solutions which meet the security control requirements specified by OMB Circular A-123, FISMA and NIST guidance
- Broad knowledge of Federal IT security policy and guidance (OMB Circular A-123, FISMA, and NIST-800 series)
- Must have excellent written and verbal communications skills and be able to work with Federal Managers, System Owners and other staff responsible for the systems/applications being assessed
- Strong problem analysis and resolution skills
- Must be able to work collaboratively as well as independently
- Experience interpreting IT vulnerability scanning results
- Risk assessment experience, especially with NIST 800-30 threat identification, system security categorization, gap analysis, compliance reporting
- Excellent verbal and written communication skills