Information System Security Officer - Washington, United States - Mavinsys LLC
Description
Position Description:
Roles and Responsibilities:
- Services to support IS Security performed by the Senior Cloud Information System Security Officer (ISSO), at a minimum, shall consist of the following activities:
- Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS
- Provide liaison support between the system owner and other IS security personnel
- Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle
- Ensure that system security documentation is developed, maintained, reviewed, and updated continuously
- Conduct required IS vulnerability scans according to risk assessment parameters.
- Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
- Manage the risks to ISs and other agency assets by coordinating appropriate correction or mitigation actions and oversee and track the timely completion of (POAMs)
- Coordinate system owner concurrence for correction or mitigation actions
- Monitor security controls for agency ISs to maintain security Authorized To Operate (ATO)
- Ensure that changes to an agency IS, its environment, and operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM)
- Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR
- Provide baseline security controls to the system owner, contingent upon the IS's security categorization, type of information processed, and entity type
- Provide a recommendation to the Authorizing Official, in consultation with the system owner, regarding systems' impact levels and ISs' authorization boundary
- Initiate, coordinate, and recommend to the agency Authorizing Official all Interconnection Security Agreements (ISAs), Memorandum of Understanding (MOUs), and Memorandum of Agreement (MOAs) that permit the interconnection of an agency IS with any nonagency or jointuse IS
- Perform an independent review of the System Security Plan (SSP) and make approval decisions
- Request and negotiate the level of testing required for an IS with the Enterprise Information Security Section and the agency Authorizing Official
- Schedule security control assessments in coordination with the system owner.
- Coordinate IS security inspections, tests, and reviews with the Security and system owner. Submit the final SAA package to the agency Authorizing Official for a security ATO decision
- Ensure that the Security ATO Electronic Communication (EC) is serialized into Sentinel under the applicable case file number
- Advise the agency's authorized official on IS vulnerabilities and residual risks.
- Ensure that all POA&M actions are completed and tested
- Coordinate initiation of an eventdriven reauthorization with the agency Authorizing Official
- Ensure the removal and retirement of agency ISs being decommissioned in coordination with the SO, ISSM, ISSE, and ISSR
Pay:
$110, $120,000.00 per year
Benefits:
- 401(k)
- Dental insurance
- Health insurance
- Paid time off
- Vision insurance
Experience level:
- 10 years
License/Certification:
- CISSP (preferred)
- Certified Information Systems Auditor (preferred)
Ability to Commute:
- Washington, DC preferred)
Ability to Relocate:
- Washington, DC 20001: Relocate before starting work (preferred)
Work Location:
In person
More jobs from Mavinsys LLC
-
Rn Labor and Delivery
White Plains, United States - 3 weeks ago
-
Plant Manager
Katy, United States - 2 weeks ago
-
Business Analyst Iii
Los Angeles, United States - 1 week ago
-
Electrical Maintenance Technician
Saukville, United States - 6 days ago
-
Front End Developer
San Jose, United States - 2 days ago
-
Senior Project Engineer
Freehold, United States - 1 week ago