EPMPoint is seeking a skilled Information Systems Security Officer (ISSO) for an enterprise SharePoint and M365 implementation at a Federal client.
As an Information System Security Officer (ISSO), you are the voice of authority for keeping information safe within your organization. Your work helps Business Owners manage their FISMA systems in a way that protects the personal and health information of the people who depend on CMS for benefits. You oversee the security and privacy posture of the system(s) entrusted to your care, coordinating all IT risk management activities and acting as your Business Owner’s “go-to person” for security questions and needs. You also help promote a "risk-based approach" to information security at CMS. This means not only ensuring compliance but also using tools and practices that continually evaluate system security so risks are spotted earlier.
Core Competencies
The ISSO role supports the confidentiality, integrity, availability, reliability, and non-repudiation of CMS’ information contained in and transmitted from systems and networks by implementing security laws, regulations, policies, standards, and control techniques.
Knowledge:
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Knowledge of computer networking concepts and protocols, and network security methodologies
- Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data
- Knowledge of enterprise incident response program, roles, and responsibilities
Skills:
- Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
- Skill in developing and applying security system access controls
- Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.)
- Skill in recognizing vulnerabilities in security systems (e.g., vulnerability and compliance scanning)
Ability:
- Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Ability to review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network
Experience:
- Minimum 5 years of work experience in computer security
- Familiarity with the information systems of the component / office
- A degree in computer science, mathematics, electrical engineering, or a related field
- Active Certified Information System Security Professional (CISSP®) certification
- Experience achieving ATO for enterprise systems in a Federal government environment
- Uses knowledge of continuity assurance principles, methods, and practices to plan, implement and ensure continuous service;
- Assesses risks associated with systems and information including identifying, understanding, and resolving associated vulnerabilities;
- Considers privacy, security and accessibility of government websites;
- Keeps up to date on standards and determines or recommends levels of security protection required to protect and close exposure/risk to systems and information, in accordance with organization and federal standards;
- Uses the concepts of confidentiality, integrity and availability as applied to information systems security;
- Recommends cost effective methods to reduce risks to systems and information;
- Reviews the types of and uses or recommends the most effective security controls as directed by Federal policies and procedures;
- Ensures procedures for detecting, reporting and responding to security incidents are consistent with and follow standards and guidelines issued by applicable governing entities and regulations;
- Identifies and evaluates resources needed to achieve acceptable levels of security and to remedy deficiencies based on system criticality and information sensitivity; and
- Clearly understands the implications of legislation, regulations, and standards related to information assurance and security.
Job Type: Full-time
Pay: $125,000.00 - $160,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Flexible schedule
- Flexible spending account
- Health insurance
- Health savings account
- Paid time off
- Vision insurance
License/Certification:
- CISSP (Required)
- Certified Information Systems Auditor (Preferred)
Work Location: Remote