execute complete Risk Management Framework (RMF) activities for Authority to Operate (ATO) decisions
develop and maintain System Security Plans (SSPs)
create and maintain Configuration Management Plans
conduct Security Impact Analyses
approve Change Requests
test configuration changes
develop and test Contingency Plans and Incident Response Plans
conduct Risk Assessments, annual security assessments, and vulnerability assessments
develop security architecture designs, requirement traceability matrices
advise system owners and senior executives on all cybersecurity matters
develop remediation work plans for audit findings
maintain Hardware and Software Inventory Lists
conduct FISMA Scorecard Analysis on a daily basis
prepare Security Test Plans and Security Test Reports
generate Risk Assessment Reports
produce Weekly Activity Reports and Monthly Program Reports
ensure proper access controls are implemented for both system access and physical access

U.S. Citizenship required
Active Secret security clearance required
FEMA EOD suitability or Current DHS or FEMA EOD preferred
BS/BA + 15 years of applicable experience in information security
Must have one of the following Information Assurance Technician (IAT) Level III qualifications:
Certified Information System Security Professional (CISSP)
Certified Information Security Manager (CISM)
CompTIA Advanced Security Practitioner (CASP+)
10+ years of experience in information security
Demonstrated expertise in RMF, Information Security processes, audits, tools, implementation, FISMA, NIST, IT security
Experience developing System Security Plans, POA&Ms, and Configuration Management Plans
Knowledge of NIST SP 800-37, NIST SP 800-53, and DHS 4300 Series requirements

Senior Information System Security Officer

Key skills