RMF Assessment and Authorization/ISSO

IMRI Technology & Engineering Solutions
Location: Washington, DC, USA
Published: 6/14/2022
Technology
Full Time

Job Description

POSITION SUMMARY:

We are seeking a highly skilled and experienced Risk Management Framework (RMF) Assessment and Authorization/Information System Security Officer (ISSO) to join our team. The ideal candidate will have a minimum of five years of overall IT or cybersecurity experience, including at least three years of working knowledge in Government Community Cloud High (GCC-H) environments/GCC. This role involves ensuring compliance with federal security standards, managing system security controls, and supporting the assessment and authorization process. The RMF Assessment and Authorization/ISSO will play a critical role in safeguarding digital assets and ensuring the security of vital electronic infrastructure.

ROLE AND RESPONSIBILITIES:

  1. Security Planning and Implementation:
    • Planning, implementing, upgrading, or monitoring security measures to protect computer networks and information.
    • Ensuring appropriate security controls are in place to safeguard digital files and vital electronic infrastructure.
  2. Risk Assessment and Mitigation:
    • Assessing system vulnerabilities for security risks and proposing and implementing risk mitigation strategies.
    • Providing recommendations to address identified risks and improve overall security posture.
  3. Incident Response:
    • Responding to computer security breaches, viruses, and other security incidents.
    • Investigating and analyzing security events to determine root causes and implement corrective actions.
  4. Compliance and Reporting:
    • Tracking, reporting, and providing year-round recommendations on Plan of Action & Milestones (POA&Ms).
    • Maintaining Federal Information Security Modernization Act (FISMA) inventory records using the Xacta360 app/tool.
  5. RMF Assessment and Authorization:
    • Supporting the RMF process, including system categorization, control selection, implementation, assessment, and continuous monitoring.
    • Preparing and maintaining security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Risk Assessment Reports (RARs).
  6. Continuous Monitoring and Improvement:
    • Monitoring security systems and tools to ensure compliance with federal security standards.
    • Driving continuous improvement in security processes and tools to enhance efficiency and effectiveness.

REQUIRED QUALIFICATIONS:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Equivalent work experience may be considered in lieu of a degree.
  • Minimum of five (5) years of overall IT or cybersecurity experience.
  • At least three (3) years of hands-on experience in Government Community Cloud High (GCC-H)/GCC environments.
  • Knowledge, skills, and abilities to operate, maintain, and upgrade two or more of the following tools: Microsoft Sentinel, Microsoft Azure, Microsoft DfE, Xacta 360/IO, Zscaler, FedRAMP, Cloudflare, NetWitness, Tenable IO, Nexpose, Armis, Trellix HX/CM, and ServiceNow.
  • Strong analytical, problem-solving, and communication skills.
  • Ability to pass a Public Trust background check prior to onboarding.