
ConvoCourses

Cyber Security Compliance and IT Jobs


ISSM

Cybersecurity specialist Patuxent

April 23, 2019

Check out the courses:
https://securitycompliance.thinkific.com

The job:

Position: Cyber Security Lead #ISSO #ISSM
Location: Patuxent River, Maryland
Full time position

Required Clearance: Secret / Top Secret
Required Certifications: IAT level III Certification.

Required Experience: Five (5) years of experience in IT security, including A&A and/or IT security risk analysis, preferably in support of the Federal Government

Skills:

· Managed team of people.
· Knowledge of Federal Government SA&A practices and policies, particularly FISMA and NIST.
· Must be motivated and results oriented.
· Effective written and oral communication skills.
· Previous Federal Government or National Archive experience a plus

Role:
Provide subject matter expertise in the provision of information assurance (IA) support for certification and accreditation (C&A), DIACAP or RMF accreditation package and artifact generation, requirements analysis, security test and evaluation (ST&E) plans and execution, risk assessments, systems analysis and hardening, incident response and policy analysis, trusted product evaluations, IA program assessments, and security posture presentations. Provide analytical support for the development and submission of C&A documentation in compliance with the DIACAP or RMF requirements. Apply knowledge of technology, analyze the security implications of systems and applications security, and provide recommendations to decision-makers and engineers. Provide experience-based advice and assistance to facilitate C&A efforts.

Please provide the following information
Current Salary:
Salary Expectation:
Full Name:
Contact No:
Best time to call you:
Email address:
Current Location:
Relocation:
Availability:
Visa status:
Clearance:

Thanks & Regards,

Terry Dean
Sr. Technical Recruiter- Federal
E-Talent Network

8(a) / SDB | CMMI level 3 Certified
Direct: 703-687-6627 Ext.384
Email: terryd@etalentnetwork.com

Filed Under: cyberspace workforce, DIARMF, DIARMF Jobs, IT Security Jobs, risk jobs, Risk Management For DoD IT Tagged With: clearance, cybersecurity, Cybersecurity specialist Patuxent, IAT, ISSM

Need Information Systems Security Officer in Herndon, VA

April 8, 2016 by Bruce Brown

Information Systems Security Officer

Location: Herndon, VA
Duration: 1 year
US Citizenship Required –  Public Trust or Secret Clearance Tier III
Summary
• Advises key technical personnel of system regarding design, engineering and compliance requirements
• Advises key stakeholders of security posture and risks associated with the system
• Reviews configurations changes for the system and the impact of changes
• Creates, manages and facilitates NIST based security documentation and controls
• Identifies, manages and facilitates remediation of security weaknesses

Job Responsibilities/ Duties:
• Develop, consult, implement controls and documentation for the security of the system. This includes: outlining system operating environment, overall mission, physical diagrams, hardware and software inventories, configuration management, type of data processed, user organizations, security classifications, operating modes, interconnections to other systems/networks, security personnel, and other associated responsibilities.
• Oversee, develop, improve and maintain the overall security posture of the system; that includes: Information System Security Plans, Risk Ratings, Contingency Plans, Security Assessments, and Contingency Plan Tests and other associated documentation.
• Participate in the development or revision of security controls of the system and local operating procedures that are based upon regulatory, policy and industry requirements.
• Act as a consultant to system owners for the security of the system and system documentation. For example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans
• Provide expertise in classified and unclassified ratings to customers.
• Work closely with technical teams for successful Certification & Accreditation of the system that leads to ATO
• Attend ISSO training courses and sessions as required
• Perform interpretations of monthly vulnerability scan results of assigned systems

Required Training:
Senior Level IT Security Certifications (CCDP, CCNP Security, CISSP, CISM, etc.)
Education/Equivalent Training Required: Bachelor’s Degree or equivalent experience will be evaluated
Unique/Additional /Experience (Position Specifics):
Expert knowledge of FISMA and NIST Special Publications
Experience implementing, assessing and managing security controls for federal IT systems
Expert knowledge of IT security best practices
Expert knowledge of current IT security threats
Broad knowledge of IT technologies and operations
Ability to develop good working relationships with customers, colleagues and other stakeholders.
Excellent verbal and written communication skills
Ability to handle and prioritize multiple simultaneous systems, projects and other assignments.
Experience leading information security teams
Knowledge of HIPAA, FedRAMP, PCI, ISO and other standards
Location(s): District of Columbia (Metro Area),
Department: IT Security
Keywords: Certification and Accreditation, C&A, A&A, SA&A, FISMA, compliance, information assurance, ISSO, AISO, ISO, IASO and ISSM
Comments: US Citizen, US Government Suitability Determination and DoE Q Security Clearance is a Plus

Thanks & Regards,
Kartik Jain
Technical Recruiter
Direct : 908-765-0002 Ext: 388

Filed Under: cyberspace workforce, DIARMF Jobs, Information Assurance Jobs, risk jobs Tagged With: A&A, AISO, c&a, Certification and Accreditation, compliance, FISMA, IASO, information assurance, ISO, ISSM, ISSO, SA&A

Security Analyst / Engineer role w/ USDA

January 25, 2016 by Bruce Brown

Do you happen to be on the job market?  If so, this long-term position is in Fort Collins, CO, and relocation is included.  We offer a great benefits package (medical/dental/vision/401k/disability/etc.) and also a host of soft benefits (team family outings, holiday gatherings, sporting events, relaxed workstyle & attire, reasonable hours, etc.).  The job description is BELOW, and I’m available immediately if you’d like to learn more.

 

Also, if you know of someone else who might be interested, we do offer a finders’ fee for any referrals that we hire.  Have a great evening!

 

-Tyler

 

*** NOTE:  I’m not a robot, I did review your resume manually, and all responses come directly to me! ***

 

*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

 

POSITION SUMMARY:  SECURITY ANALYST / ENGINEER

 

Responsibilities:

  • Analyze business, functional, and non-functional requirements to create technical design and unit test strategy documents.
  • Design, test, and implement solutions based on requirements provided from the Enterprise Application Services, Office of the Chief Information Officer (OCIO), USDA
  • Design artifacts that follow the technical standards and guidelines
  • Work with staff to define solutions and implement those solutions according to the agreed upon design.
  • Control deployment of HP “Source Code Analyzer”
  • Review monthly and quarterly Retina and WebInspect scans and recommend technical solutions to mitigate vulnerabilities
  • Actively transfer knowledge and mentor staff members on various aspects of system specific administration, configuration, and development

Required Skills:

  • Experience collaboratively establishing secure configuration baselines for technologies such as Windows Server 2008 R2, or Red Hat Enterprise Linux Server 6.
  • Experience securing Oracle database suites or MS SQL databases (not looking for someone who only has network skills).
  • Experience performing IT product security specification reviews.
  • Experience designing/reviewing architectures for adequate security such as secure authentication methods.
  • Ability to use collaborative communication skills and establish productive working relationships.
  • Experience with documentation reviews, including A&A packages
  • Awareness of the diagnostic and mitigation aspects of Information Security Continuous Monitoring.
  • Assists Information Systems Security Managers (ISSMs) in generating ATO package and continuous monitoring artifacts.
  • Assists in documenting and managing artifacts in online SharePoint and CSAM security repositories.
  • Knowledge of Risk Management Framework
  • Knowledge of NIST, FISMA and other applicable guidance

Desired Skills:

  • Implement security controls in appropriate information systems.
  • Assess the effectiveness of the security controls once they have been implemented.
  • Determine agency-level risk to the mission or business case.
  • Authorize the information system for processing.
  • Monitor the security controls on a continuous basis
  • Implement security controls in appropriate information systems.

Filed Under: cyberspace workforce, DIARMF Jobs, risk jobs Tagged With: Information Systems Security Managers (ISSMs), ISSM, MS SQL databases, or Red Hat Enterprise Linux Server 6, risk management framework, Windows Server 2008 R2

Who has the authority to appoint an IAM (ISSM)

March 18, 2015 by Bruce Brown

Who has the authority to appoint an Information Assurance Manager (IAM)/Information System Security Manager?

An IAM (Information Assurance Manager) is now called an Information System Security Manager (ISSM).  The program manager, system manager or component commander appoints the Information System Security Manager in writing.

According to DoD 8510.01, Risk Management Framework, it is the Program Manager/System Manager who appoints the ISSM for each assigned Information System or PIT system, with the support, authority, and resources to satisfy the responsibilities established in this instruction.

In the Department of the Navy, the Information System Security Manager is appointed by Program Executive Offices, Systems Commands, according to SECNAV 5239.2.

The Army currently uses AR 25-2, Information Assurance (being replaced).  The Information Assurance Program Manager (IAPM) appoints the IAM (3-2):

IAM. Appoint IAMs at all appropriate levels of command. This includes subordinate commands, posts, installations, and tactical units. Appoint an IAM as needed for those Army activities responsible for project development, deployment, and management of command-acquired software, operating systems, and networks. A contractor will not fill the MSC, installation, or post IAM positions and the person filling the position will be a U.S. citizen.

 

Filed Under: cyberspace workforce, DIARMF Jobs, Information Assurance, information assurance degree online, Information Assurance Jobs, Risk Management For DoD IT, roles Tagged With: IAM, ISSM

info assurance

February 11, 2014 by Bruce Brown

Info assurance is a comprehensive approach to information security.  It includes risk management, information protection, operational risk, business risk, assurance technology and much more.

More on “What is Info Assurance”?

Information assurance is the practice of assuring the confidentiality, integrity and availability of the processing, storing and/or transmission of data.  Information assurance is used as a more complete approach to information security.

Since Info Assurance covers all aspects of security, all individuals with internal access to an organization's critical access must get info assurance awareness training.  Info Assurance is not just about turning on and configuring Assurance technology, but also about informing and educating those who have internal access to your system.

Info Assurance has its own complete common body of knowledge, industry, career path and degree programs accepted by the National Center of Academic Excellence in Information Assurance Education and those approved by the National Security Agency.

By becoming an info assurance specialist you can get work in many parts of the DoD including USAF, US Army, Department of the Navy and many other agencies.  But IA jobs expect specific certification(s), experience and degree.  The IA qualifications come from DoDD 8570 which is being replaced with DoDD 8140.  There are lots of titles that are considered within IA:  System Security Engineer, Info Assurance Analyst, Info Assurance Specialist, Info Assurance Subject Matter Expert (SME), Risk Analyst IT, and many others.

Filed Under: Assurance Technology, Information Assurance, information assurance degree online, Information Assurance Jobs, operational risk Tagged With: army information assurance, IA, ia jobs, IAM, IAO, info assurance, information assurance, information assurance air force, information protection, ISSM, ISSO, system security plan
