Job Title: OPR ISSO
Location: US-FL-Miami
Clearance Required: US Citizen
Salary: $130,000 Annually
Certifications: CompTIA CASP+, ISC2 CAP, ISC2 CCSP, or ISACA CISA
Job Details:
Experience Requirements:
- A minimum of a Bachelor’s degree coupled with 8 - 12 years’ experience in the Information Technology arena, or a Master's degree with 6+ years of relevant experience.
- Minimum of 5 years of experience as an ISSO supporting major federal information systems/applications
- Bachelor's degree in Computer Science, IT, or an Information/Cyber Security field from an accredited college or university
- Knowledge of auditing security controls and financial processes
- Superior writing, communication and critical analysis skills
- Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures
- Working knowledge of the following policies: NIST SP 800-37, Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy; DHS 4300A Policy and Handbook; CBP Information Systems Security Policies and Procedures Handbook (HB 1400-05).
Candidates shall possess and maintain one of the following professional certifications:
- CompTIA Certified Advanced Security Practitioner (CASP+)
- ISC2 Certified Authorization Professional (CAP)
- ISC2 Certified Cloud Security Professional (CCSP) certification (The following certification is highly desired, but not required.)
- ISACA Certified Information Systems Auditor (CISA)
Essential Requirements: US Citizenship is required.
Job Duties
- Our programs support multiple Federal agencies and the Department of Defense, and are often focused on the space initiatives of our government customers.
- Develop, draft, review and endorse all information systems security plans and other security authorization artifacts and documents such as:
  - Standards for Security Categorization of Federal Information and Information Systems (FIPS 199) Assessment
  - E-Authentication Determination
  - Privacy Threshold Determination
  - Privacy Impact Assessment (PIA)
  - Risk Assessment Plans
  - System Security Plans
  - Controls Testing (Security Test and Evaluation (ST&E)) Plans
  - Configuration/Change Management Plans
  - Contingency Plans
  - Contingency Plan Test and Test Results
  - Section 508 of the Rehabilitation Act plans
  - Plans of Action and Milestones (POA&Ms)
  - Policy waiver and risk acceptance requests
- Ensure that assigned systems are operated, maintained, and disposed of in accordance with applicable policies and procedures, including NIST SP 800-37, Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.
- Develop, review, maintain, and provide system security documentation for assigned systems, including System Security Plans, Interconnection Security Agreements, Contingency Plans, Plans of Action and Milestones (POA&Ms), Waivers, and Exceptions, through the FISMA system management tool in use to implement and manage the NIST Risk Management Framework.
- Assist the Government with the reporting and management of system level security violations and incidents.
- Assist the Government with the technical security evaluation of threats and vulnerabilities involving new/enhanced technology.
- Assist the Government with providing oversight to vulnerability scanning processes and procedures and security patch management/flaw remediation processes and procedures.
- Assist with development of cyber security SOPs, playbooks, work instructions, and other procedures and processes to mature cyber security capabilities.