Position: Information Systems Security Officer
DEC 19, 2018
IT Security, information assurance, and compliance supporting classified client systems.
Manage the remediation of POA&M items.
Develop and maintain system security documentation in accordance with FISMA, NIST, and CNSSI-1253 guidelines.
Assess security controls and facilitate timely identification, communication and recommended resolution of security risks.
Support customers at the highest levels in the development and implementation of doctrine and policies.
Participate in the development or revision of system-specific security safeguards and local operating procedures.
Must be proficient in administering Nessus vulnerability scans and able to interpret the scan results to determine risk priority, remediation and mitigation strategies.
Provide IT security consulting to system owners on other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans.
Work closely with certifiers and assessors to navigate the client A&A process and produce appropriate accreditation documentation.
Facilitate timely identification, communication and recommended resolution of security risks within assigned systems.
EDUCATION & EXPERIENCE
9 - 15 years of experience and BA/BS in computer science, information systems management, mathematics, engineering, or related scientific field.
Experience designing and implementing the NIST Risk Management Framework
Experience designing, implementing, assessing and monitoring NIST 800-53 security controls
Experience advising in the implementation of insider threat and privacy protection
Experience with security assessments.
Experience in designing, documenting, evaluating and testing general computer controls for IT security, change management, and IT operations.
Experience with developing and maintaining Security A&A documentation.
Experience with internal controls, risk assessments, and controls design, DISA STIGS, testing, or operational auditing.
Strong written and verbal communication, particularly for creating and presenting complete system security packages to audit teams that have achieved ATO status
CAP, CISA, or CISSP certification preferred or equivalent security certification
Security Clearance: TS/SCI
SONNY GUPTA, PARTNER