Information System Security Officer (ISSO)

Responsibilities:

• Conduct initial Security Assessment and obtain ATO, in line with NIST SP 800-37 Rev. 2
• Maintain the Security Authorization or Authorization to Operate (ATO) of assigned system(s)
• Continuously update all Security Authorization documentation to maintain assigned systems ATO or system go live dates
• Select the baseline security controls for the IT system, using Archer, and tailor where appropriate
• Document all relevant NIST 800-53 Security Controls for assigned IT systems
• Perform and document initial and annual risk assessments of all systems
• Develop and document all supporting Security A&A artifacts (PIA, SP, ITCP, BIA, CMP, MOU, ISA)
• Assist in the development of the Security Assessment Plan (SAP)
• Develop Security Assessment Reports (SAR)
• Produce Security Authorization package for Authorizing Official (AO) signature including Authorization to Operate (ATO)
• Track the deployment of software to the environment that is not part of the base image
• Generate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for assigned IT Systems

The Need-to-Have Skills & Qualifications:

• Working knowledge and experience with CSAM and RMF
• DHS experience
• Experience working with system stakeholders to assess and manage system cybersecurity risk
• Knowledge of the process to obtain a system ATO and requirements to maintain the ATO
• Experience working with system stakeholders to assess and manage system cybersecurity risk
• Ability to synthesize complex IT system information and communicate system status and requirements in written products and verbal presentations
• Ability to write clear, concise and effective security control implementation statements
• Familiarity with configuration settings and vulnerability management analysis of infrastructure devices.
• Ability to draft a complete ATO package, to include the SSP.
• Ability to work independently and within given timelines.