Information System Security Officer (ISSO) Cloud SME

Morrisville, NC

Company Name: IBA Infotech LLC

Type: Contract

Primary Skills: CPTE, CEH, NIST, RMF

Location: Morrisville

CTC: DOE

Job Description:

Responsibilities:

  • Provide Cloud Computing Migration Assessments and Accreditations Services (A&A) for Software (SaaS), Infrastructure (IaaS), and Platforms (PaaS) using Federal Risk and Authorization Management Program (FedRAMP) compliant criteria
  • Work closely with Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented
  • Assess and mitigate system security risks; determine and analyze security requirements for implementation and testing
  • Review and continuously monitor implemented security controls
  • Create and maintain security checklists, templates and other tools to aid in the A&A process
  • Perform security control assessment using NIST 800-53A guidance and as per continuous monitoring requirements
  • Perform risk analyses to determine and recommend essential safeguards
  • Proactively mitigate system vulnerabilities and recommend compensating controls
  • Prepare security authorization packages in accordance with the client contractual requirements
  • Develop core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
  • Monitor and maintain client-specific Plan of Action and Milestones and support remediation activities
  • Monitor and maintain an inventory of hardware and software for the information system
  • Monitor, develop, test and train on Contingency and Incident Response planning
  • Conduct and review independent scans of the application, network and database with the Program Team, and utilize Managed Security Services Vulnerability Assessment Team (VAT) support as applicable

Must hold one or more of the following certifications:

  • Certified Penetration Testing Engineer (CPTE)
  • Certified Ethical Hacker (CEH)
  • Experience in working with security management including information governance and compliance
  • Experience and a good understanding of Assurance Practices and Risk Management
  • Experience with security processes and standards, preferably the National Institute of Standards and Technology (NIST) 800-series and the Risk Management Framework (RMF)
  • Ability to influence OCISO Delivery system stakeholders in the execution of security and compliance requirements
  • Knowledge of security countermeasures and overall RMF and NIST compliance
  • Experience as a Security consultant in Risk and Compliance
  • Knowledge of security audit and accreditation processes
  • Ability to interpret requests for proposals and respond to security and compliance requirements
  • Knowledge of Federal Security, industry and market trends
  • Understand federal security and regulations impacting security requirements to develop strategies for supporting internal United States Postal Service (USPS) operations
  • Must be able to work the standard workweek (5 days a week and 8 hours per day)
  • Must have the ability to travel for work
  • Must have excellent communication and grammar skills