Job Summary

Company
Knowledge Consulting Group
Location
Arlington, VA 22202
Industries
Computer/IT Services
Job Type
Full Time
Employee
Years of Experience
5+ to 7 Years
Education Level
Bachelor's Degree
Career Level
Experienced (Non-Manager)
Job Reference Code
1483

Sr. ISSO

About the Job

Knowledge Consulting Group (KCG) is one of the largest privately held cybersecurity services firms in the United States; serving as a Federal Government Contractor and supporting Commercial customers. We operate as a trusted cyber advisor to our customers across the country. We take great pride in maintaining a single focus on being the leader in cybersecurity services, providing risk management, governance, operations, and compliance services, utilizing our CISO framework methodology. We are uniquely positioned as a trusted cyber advisor with over 90 percent of our cyber professionals holding security clearances and security-specific certifications. With over 12 years of experience in providing cybersecurity services to our customers, we have a strong record of past performance in advising and executing cyber missions for all types of organizations and sectors. 

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.  TS/SCI clearance is required.

The contractor shall serve as the ISSO point of contact ("ISSO") for information assurance activities at the IT system level, and will report directly to the Compliance Branch chief for general guidance and for assignments outside their typical ISSO duties. Each Information System within TSA is required to have an ISSO per DHS and NIST policy. Depending on system complexity, an ISSO may be assigned more than one system.

The ISSO shall ensure that management, operational, and technical controls for securing either National Security Systems or SBU level Information Systems are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal. The ISSO shall possess effective interpersonal and presentation skills as he/she operates in a client-facing role. The ISSO must possess experience with NIST 800 publications standards. The position requires experience with vulnerability scanning and assessments. The ISSO shall conduct Certification and Accreditation (C&A) activities in accordance with NIST 800-37 standards. All C&A deliverables must meet the metrics in the DHS Information Security Performance Plan; this plan will be provided upon contract award. The ISSO shall report IT Security events/incidents in the time prescribed by DHS MD 4300 IT Policy depending on the severity of the incident. The ISSO shall also respond to Information Security Vulnerability Management (ISVM) notifications and ensure all systems under their purview are in compliance with TSA and DHS IT Policies (these policies will be provided upon contract award) by the date prescribed. Per TSA and DHS policy, the ISSO shall be required to receive approval from the CISO for designation as the ISSO.

The ISSO shall manage single or multiple systems depending on the size and complexity. An example of a more complex system needing 120 days for Certification and Accreditation activities would be TSA's Secure Flight System, which is considered a General Support System. The Secure Flight system is located in multiple locations and consists of many different components and is internet facing. An example of a less complex system would be TSA's LINK System. LINKS is a major web application residing in one location. In the TSA environment today, there are typically over 80 TSA Information Systems and a minimum of 30 Development systems. There is an annual 10% expectation of growth for operational systems.

Of the 80+ operational TSA Information Systems and a minimum of 30 Development systems, IAD currently owns 4 in which ISSO support will need to be provided under Task Order #001. In the direct support and maintenance of these IAD systems with regard to C&A, the ISSO will support the IAD System Owner for their respective systems and provide C&A artifact maintenance, Continuous Monitoring and POA&M management support. This may include, but is not limited to, testing C&A tools, analyzing DHS requirements, editing pertinent trainings, and supporting the Risk Management with vulnerability management or other related duties.

The contractor shall execute the following activities:

  • Execute Certification & Accreditation activities program.
  • Assist in developing unified guidelines and procedures for conducting certifications and/or system-level evaluations of federal information systems and networks including the critical infrastructure of TSA.
  • Develop and present, both verbally and in writing, highly technical information and presentations to non-technical audiences at all levels of the organization. Audiences for this information include, but are not limited to, senior executives at TSA and other agencies.
  • Ensure IT systems have all security controls in place and functioning properly in accordance with NIST 800-53A publication.
  • Conduct and evaluate/analyze vulnerability results from the following set of tools to include but not limited to: NESSUS, AppDetective, WebInspect and ISS.
  • Assist with external/internal audits for designated systems.
  • Report incidents within the timeframe prescribed by DHS 4300 policy for incident response.

Requirements:
Minimum 5 years of experience

Candidate must be proficient in developing and presenting, both verbally and in writing, highly technical information and presentations to non-technical audiences at all levels of the organization. Audiences for this information include, but are not limited to, senior executives at TSA and other agencies.

  • Contractor shall be able to manage single or multiple systems depending on the size and complexity. Experience shall be clearly outlined in resume.
  • "Working knowledge" of DCID 6/3 (with Protection Levels 1 - 5), ICD 503, ICS 500-8, DoDIIS, JDCSISSS, and other applicable IC information systems certification and accreditation policies.
  • Knowledge of Information Security and Auditing is desired. Knowledge of Federal and DoD guidance DHS 4300A, DHS 4300C, (DoDD 8500.1, DoDI 8500.2), DIACAP, NIACAP, and Certification & Accreditation processes.
  • Thorough knowledge of, and experience with, the NIST 800 series publications to include: 800-30, 800-37, 800-53 and 800-53a.
  • 5-7 years related experience required in performing Information Assurance (IA) responsibilities including planning, testing, and documenting of Information Technology (IT) systems and networks.
  • Previous experience creating all necessary Certification and Accreditation documentation. Experience shall be clearly defined in the resume.
  • "Working Experience" as an Information Assurance Security Officer (IASO) or Information Systems Security Officer (ISSO); performing IA Vulnerability Assessment Scans and patches; IA Incident Handling procedures, IT Security Investigations and reporting; Microsoft Windows server operating systems as operating systems' administrator, network administrator, ISSO, or ISSR for systems; familiarity with DISA STIGs, SRRs and STIG tools; TCP/IP, LAN networking, configuration of O/S, server installation/configuration, client installation, FTP, Telnet, shell scripting, and web technologies.
  • Experience working with and being interviewed by external auditors. Experience writing and editing technical documentation; writing and developing security policies, procedures, and guidelines.
  • Ability to communicate using clear and concise language when both speaking and writing.
  • Possess operational knowledge of current security best practices, including firewalls, IDS/IPS, encryption technologies, application and OS security, contingency planning, access control, incident response, and auditing.
  • Ability to conduct self-assessments and perform formal risk analysis.
  • "Familiar" with DHS or DoD, IC, and National Security Policies, Regulations, Directives, Instructions governing Information Systems Security & Accreditation and Information Assurance.
  • Must be highly analytical and effectively able to troubleshoot and prioritize needs, requirements and other issues. Must have excellent communications, teamwork, leadership and conflict management skills. Must be committed to continuous learning and system development.
  • Certifications: Relevant Information Assurance certificate, e.g. A+, Network+, Security+, CISSP, CISM, ISSEP, SSCP, GSEC, SCNP, SSCP, CISA, GSE, SCNA, or similar.

Strong verbal and written communication skills are highly preferred. It is highly desired that candidates possess strong interpersonal skills. Candidates must be fluent in the English language.

Candidates may be asked to provide a writing sample.

Knowledge Consulting Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, or disability status.


 

If interested in the position, please apply directly through our website:

https://ch.tbe.taleo.net/CH14/ats/careers/requisition.jsp?org=KNOWLEDGECG&cws=1&rid=2365

 

If you have questions or have trouble applying, you may contact: katie.hanson@knowledgecg.com.
