Senior Information Systems Security Officer (ISSO) - Washington DC

Senior Information Systems Security Officer (ISSO) - Washington DC

Tyto Athene is searching for a Senior Information Systems Security Officer (ISSO) with privacy experience. The candidate will ensure that security requirements for information systems meet FISMA requirements. Assist our client's Privacy Officer in overseeing ongoing activities related to the development, implementation, maintenance of, and adherence to federal and organizational policies and procedures concerning the confidentiality of Personally Identifiable Information (PII) and other sensitive information. The ISSO will be involved in the application of federally mandated privacy laws, regulations, policies, and procedures to the specific privacy requirements, be knowledgeable in federal privacy laws and regulations and their relationship to the Privacy Act of 1974, the E-Government Act of 2002, and the Freedom of Information Act (FOIA).

Responsibilities:

• Develop and update security authorization packages in accordance with the client's requirements and the agency's adoption of NIST and RMF. Core documents that the candidate will be responsible for are the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, Security Impact Assessments, Risk Assessments, etc.
• Develop and maintain the Plan of Action and Milestones and support remediation activities to include the continuous monitoring process
• Maintain an inventory of hardware and software for the information system security boundary
• Develop, coordinate, test, and train on Contingency Plans and Incident Response Plans
• Perform risk analyses to determine cost-effective and essential safeguards
• Support Incident Response and Contingency activities
• Document implementation statements using NIST 800-53 guidance
• Review scan reports of the application, network, and database
• Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the following activities for the system owner.
• Coordinate with multiple stakeholders to complete mandatory agency data calls in a timely manner
• Conduct Privacy Threshold Analyses (PTAs) and Privacy Impact Assessments (PIAs), Remain current with new developments in OMB policies and NIST guidelines
• Perform studies, technical assessments, surveys, and evaluations for detecting privacy weaknesses and deficiencies and recommend appropriate safeguards
• Perform validation testing of weaknesses and deficiencies and update the documentation accordingly
• Assist with the development of privacy policies and procedures for the client

Qualifications: Required:

• Minimum Education: Bachelor's Degree with a minimum of 8 years of relevant experience functioning as an ISSO
• Thorough understanding and knowledge of FISMA and SPA&A process
• Experience with NIST publications, OMB circulars, and memoranda, and CNSS publications and their requirements and impact on system security
• Proficiency in writing technical analysis reports
• Strong written and oral communication skills/critical thinking
• Good judgment and business acumen
• Good relationship management
• Strong technical, analytical, troubleshooting, interpersonal, time management, and written/verbal communication skills and be able to work independently or within a team environment
• Ability to work quickly, efficiently, and accurately in a dynamic and fluid environment
• Knowledge of and proficiency in federal government privacy programs is required
• A demonstrated understanding of information privacy, including information access, the release of information, and implementation of control technologies as they apply to privacy information contained in electronic and non-electronic media

Desired:

• Preferred certifications: CRISC, CAP, CISSP, Sec+, or equivalent
• Understanding and experience with ServiceNow, CSAM, GRC FedRAMP and non-FedRAMP cloud experience
• Experience with vulnerability assessments tools such as Nessus, Qualys
• Experience in administrating BSD/UNIX, Windows, Windows NT, LINUX, or open systems-compliant systems
• Policy writing background is highly preferred
• CIPP/G/US Certification is a PLUS.

Clearance:

• US Citizen with Public Trust eligibility required

Location:

• This is a hybrid role with expectations of being on the client site a few days a week.

About Tyto Athene: Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically between $120,000-$130,000. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range. Benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave.