Maintain the appropriate operational security posture for assigned Information Systems (IS) and networks in accordance with cybersecurity policies, directives, and Information Assurance (IA) Standard Operating Procedures (SOP)
Ensure the Confidentiality, Integrity, and Accessibility of all IS resources organic to the supported organization, and maintain a high level of operational availability.
Serve as the principal technical advisor to the Information Systems Security Managers (ISSM), Program Security Officers (PSO), and Delegated Authorizing Officials (DAO).
Perform functional duties, as the alternate ISSM, to maximize operational readiness and effectiveness.
Provide expertise to maintain the Authority to Operate (ATO) and Authorization to Connect (ATC) for assigned IS, ensuring Risk Management Framework (RMF) compliance.
Provide support to Program Management Offices (PMOs) by conducting site surveys and providing technical information to develop RMF artifacts that support ATO/ATC and facilitate IS deployments and successful integration.
Perform IS lifecycle management to facilitate requirements engineering, procurement, integration, operational sustainment, and destruction.
Provide the organization with subject matter expertise to prepare for cybersecurity, physical, and personnel security assessments from senior management.
Perform cybersecurity assessments for IS within your area of responsibility on a regular and consistent basis to identify potential vulnerabilities, evaluate the effectiveness of existing security controls, and ensure compliance with relevant policies and regulations.
Develop supporting documentation, such as Plan of Action and Milestones (POA&M) and inspection reports, to coordinate events, capture discrepancies, and document remediation strategy for supported organizations.
Develop and integrate policy and procedures to reinforce Access Controls (AC) for identified vulnerabilities.
Participate in professional engagements with supporting and supported organizations to ensure successful collaboration and that assigned projects deliver the desired results.
Develop and maintain IS documentation to capture changes to the system and its operating environment, and to advise the Configuration Control Board (CCB) on ATO/ATC conflicts.
Conduct cybersecurity audits and maintain audit record management, ensuring audit records are collected, reviewed, documented, and archived.
Complete the necessary initial/annual training to establish and maintain access to supported systems and networks.
Requirements
5 years of information systems management and cybersecurity experience
Active TS clearance with SCI eligibility
Proficient in firewall administration, intrusion detection systems, anti-virus software, and data encryption
In-depth knowledge of information security principles and practices, including NIST SP 800-53 controls, DoD Risk Management Framework (RMF), and DoD Instruction 8510.01
Experience with cybersecurity RMF compliance and regulatory requirements
Strong analytical, problem-solving, and decision-making skills
Strong communication skills, adept at briefing executives and program IPT level leadership
Self-starter, strong work ethic, and willingness to be a contributing IPT member.
Must possess an active DoD 8140/8570.01-M baseline certification at IAM Level II or higher (e.g., SecurityX CE, CySA+, CISSP, or CISM). Candidates without IAM Level II on day one may be considered if they currently meet IAT Level II and can obtain an IAM Level II certification within an agreed-upon timeframe.