Tag Archives: ISSO

Information System Security Officer DC

Check out the courses:
http://securitycompliance.thinkific.com

****
Title: Information System Security Officer (#ISSO)
Location : Washington, DC
Duration : Full time

Active Clearance required.

Description:
The contractor shall assist the government in the assessment process for all new and legacy systems to determine the security requirements associated with each system. The contractor shall interact with both technical and non-technical personnel in order to conduct a comprehensive review of a system, network or application. This is a technical role requiring moderate to advanced knowledge of security engineering, the #ATO process, enterprise monitoring, and incident response. The contractor shall assist in building or refining the program to achieve the assessment process. The contractor shall work with various elements of the cybersecurity team to understand roles, missions and requirements in order to inform this process.

Minimum Qualifications and Experience
At least 3 years serving as an Information Systems Security Officer (ISSO) at a cleared facility.
Minimum of 5 years work experience in a computer science- or Information Assurance-related field.
At least one of the following certifications: Certified Information Systems Security Professional (#CISSP), Global Information Security Professional (#GISP), or the CompTIA Advanced Security Practitioner (#CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction #8570.1 IAM Level III proficiency.
Familiarity with the use and operation of security tools including Tenable Nessus and/or SecurityCenter, IBM Guardium, Client WebInspect, or like applications and Network Mapper (#NMAP).
A bachelor’s or advanced degree in Computer Science, Information Assurance, or Engineering is preferred.

Please provide the following information
Rate Expectation:
Full Name:
Contact No:
Alternate contact (if any):
Email address:
Current Location:
Relocation:
Availability:
Visa status

Kindly share your detailed resume at zoeyw@etalentnetwork.com

If you are qualified and interested in making a change or know of a friend who might have the required qualifications, please call me ASAP at (703) 261-7028 Ext.267, even if we have spoken recently about a different position. If you do respond via e-mail please include a daytime phone number so I can reach you. In considering candidates, time is of the essence, so please respond ASAP. Thank you.

Sincerely yours,
Zoey West
E TalentNetwork



8251 Greensboro Drive, Suite 250
McLean, VA
zoeyw@etalentnetwork.com
(703) 261-7028 Ext.267

Information System Security Officer sunnyvale, CA

check out my courses:
http://securitycompliance.thinkific.com

*****
the job in this video:
Job Title: Information Systems Security Officer
Location: Sunnyvale, CA
Duration: 6 Months (Possible extension)


Secret Clearance

Job Description:
Performs system and program auditing to ensure compliance to system security plan.
Conducts risk assessments and provides recommendations for secure implementation and compliance in accordance with government regulations and information assurance/cybersecurity guidelines. Creates, maintains and submits information system security documents and reports to regulatory agencies and leadership.
Assesses and mitigates system security threats/risks throughout the program life cycle; validates system security requirements definition and analysis; establishes system security documentation; assists with the implementation of security procedures; verifies information system security requirements; performs information system certification and accreditation planning, testing, assessing and liaison activities.
Familiar with information system security architectural documentation standards.
Able to apply information assurance / cyber security standards, directives, guidance and policies to an architectural/risk based framework.
Provide architectural / risk based analysis of information assurance / cyber security features and relate existing system to future needs and trends and requirements.

Skills Required
Windows client/server background. Some UNIX/LINUX technical experience, knowledge of OS security requirements and IS (Information Systems) auditing experience.
HBSS and SIPRNet experience required.

Experience Required
Previous ISSO and SIPRNet experience needed.

Education Required
Bachelor or equivalent work experience.

Please provide the following information
Rate Expectation:
Full Name:
Contact No:
Alternate contact (if any):
Email address:
Current Location:
Relocation:
Availability:
Visa status

Kindly share your detailed resume at zoeyw@etalentnetwork.com

If you are qualified and interested in making a change or know of a friend who might have the required qualifications, please call me ASAP at (703) 261-7028 Ext.267, even if we have spoken recently about a different position. If you do respond via e-mail please include a daytime phone number so I can reach you. In considering candidates, time is of the essence, so please respond ASAP. Thank you.

Sincerely yours,
Zoey West
E TalentNetwork


Need Information Systems Security Officer in Herndon, VA


Information Systems Security Officer

Location: Herndon, VA
Duration: 1 year
US Citizenship Required – Public Trust or Secret Clearance Tier III

Summary
• Advises key technical personnel of system regarding design, engineering and compliance requirements
• Advises key stakeholders of security posture and risks associated with the system
• Reviews configuration changes for the system and the impact of changes
• Creates, manages and facilitates NIST based security documentation and controls
• Identifies, manages and facilitates remediation of security weaknesses

Job Responsibilities/ Duties:
• Develop, consult, implement controls and documentation for the security of the system. This includes: outlining system operating environment, overall mission, physical diagrams, hardware and software inventories, configuration management, type of data processed, user organizations, security classifications, operating modes, interconnections to other systems/networks, security personnel, and other associated responsibilities.
• Oversee, develop, improve and maintain the overall security posture of the system; that includes: Information System Security Plans, Risk Ratings, Contingency Plans, Security Assessments, and Contingency Plan Tests and other associated documentation.
• Participate in the development or revision of security controls of the system and local operating procedures that are based upon regulatory, policy and industry requirements.
• Act as a consultant to system owners for the security of the system and system documentation. For example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans
• Provide expertise in classified and unclassified ratings to customers.
• Work closely with technical teams for successful Certification & Accreditation of the system that leads to ATO
• Attend ISSO training courses and sessions as required
• Perform interpretations of monthly vulnerability scan results of assigned systems

Required Training:
Senior Level IT Security Certifications (CCDP, CCNP Security, CISSP, CISM, etc.)
Education/Equivalent Training Required: Bachelor’s Degree or equivalent experience will be evaluated
Unique/Additional /Experience (Position Specifics):
Expert knowledge of FISMA and NIST Special Publications
Experience implementing, assessing and managing security controls for federal IT systems
Expert knowledge of IT security best practices
Expert knowledge of current IT security threats
Broad knowledge of IT technologies and operations
Ability to develop good working relationships with customers, colleagues and other stakeholders.
Excellent verbal and written communication skills
Ability to handle and prioritize multiple simultaneous systems, projects and other assignments.
Experience leading information security teams
Knowledge of HIPAA, FedRAMP, PCI, ISO and other standards
Location(s): District of Columbia (Metro Area),
Department: IT Security
Keywords: Certification and Accreditation, C&A, A&A, SA&A, FISMA, compliance, information assurance, ISSO, AISO, ISO, IASO and ISSM
Comments: US Citizen, US Government Suitability Determination and DoE Q Security Clearance is a Plus

Thanks & Regards,
Kartik Jain
Technical Recruiter
information system security officer

Information security officer

Information security officer (aka information system security officer, ISSO) is an important role in the risk management process. In fact, ISSOs are often the foot soldiers “charging the hill” during the entire risk management framework process (or sometimes “ice skating uphill”).

The information system security role begins at the Initial phase of the System Development Lifecycle (SDLC). According to NIST SP 800-37, “The information system security officer is an individual responsible for ensuring that the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the information system owner”. In the legacy DIACAP days this role was called Information Assurance Officer (IAO). The ISSO is created and managed by the Information System Security Manager (ISSM).


The information security officer is often expected to cover multiple security disciplines, including but not limited to technical, administrative and even physical security.

From a technical perspective, the ISSO can be tasked with continuous monitoring of threats, data loss prevention, and detecting and resolving vulnerabilities using tools like security information and event managers (SIEM), vulnerability scanners, and anti-virus servers. They may assist the system administrators in implementing required security patches. They may have to review code for security flaws, help with initial security architectures, conduct incident handling, or perform any number of other technical security tasks.

The administrative “to do list” of an information security officer might include creating, editing or reviewing security policies. They may write standards, guidelines and best practices related to the security features of systems. Paperwork and policy in security require a LOT of meetings and coordination with other parts of an organization. The ISSO must be very good at dealing with technical subject matter experts and managers at every level, since they are often the one in the middle of everything.

Information security officers are sometimes in charge of making sure the physical security surrounding the information system is commensurate with the level of the information that needs to be protected. That means that if the information on the asset is classified, it may need MORE physical security than a system whose data is processed on a web server for the public. To do this, the ISSO will have to work with facility managers, security guard services and even building developers (in some cases). They may also have to do crypto security.

The overall job of the ISSO is to maintain the security posture and security baseline of the system. For this reason they often wear many hats.


info assurance


Info assurance is a comprehensive approach to information security. It includes risk management, information protection, operational risk, business risk, assurance technology and much more.

More on “What is Info Assurance?”

Information assurance is the practice of assuring the confidentiality, integrity and availability of the processing, storing and/or transmission of data. Information assurance is used as a more complete approach to information security.

Since Info Assurance covers all aspects of security, all individuals with internal access to an organization's critical access must get info assurance awareness training. Info Assurance is not just about turning on and configuring assurance technology, but also about informing and educating those who have internal access to your system.

Info Assurance has its own complete common body of knowledge, industry, career path and degree programs accepted by the National Center of Academic Excellence in Information Assurance Education and those approved by the National Security Agency.

By becoming an info assurance specialist you can get work in many parts of the DoD, including the USAF, US Army, Department of the Navy and many other agencies. But IA jobs expect specific certification(s), experience and a degree. The IA qualifications come from DoDD 8570, which is being replaced with DoDD 8140. There are lots of titles that are considered within IA: System Security Engineer, Info Assurance Analyst, Info Assurance Specialist, Info Assurance Subject Matter Expert (SME), Risk Analyst IT, and many others.