CVP is an award-winning healthcare and next-gen technology consulting firm recognized for excellence and innovation in the solutions we have provided our clients across healthcare, national security, and the public sector.

We are seeking an Information System Security Officer to join our team of experts tasked with securing the critical networks and systems our clients depend on.

Responsibilities:

• Serve as the principal advisor to the system owner on all matters, technical and otherwise, involving the security of an information system'
• Provide expertise in and perform actions related to:
  • Assessment and Accreditation
  • Continuous Monitoring
  • Reviewing scan results
  • Audit log reviews
  • Change Management
  • Vulnerability Management
  • Incident Response
  • Handling of Privacy-related and sensitive data
• Prepare and maintain required artifacts, i.e., system security plan(s) and associated documentation
• Work with other stakeholders to ensure necessary artifacts are in place, i.e., policy, procedures, training, etc.
• Advise and notify management (e.g., system owner, Chief Information Security Officer, (CISO), Chief Information Officer [CIO], and/or Authorizing Official (AO)) on:
• Collect and maintain data needed to meet system cybersecurity reporting
• Support customers at the highest levels in the development and implementation of doctrine and policies, information security program management, and cybersecurity management
• Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands
• Experience demonstrating strong analytical, troubleshooting and problem-solving skills for security information and event management
• Ensure security improvement actions are evaluated, validated, and implemented as required.
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Recognize a possible security violation and take appropriate action to report the incident, as required.
• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
• Assist client and team with responses to data calls and audits

Qualifications:

• Must be eligible to obtain a Public Trust government security clearance.
• At least 5 years of cybersecurity experience, including at least 2 years directly engaged with risk management activities.
• Knowledge of FISMA and NIST Risk Management Framework (RMF) and associated requirements.
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of cybersecurity and privacy principles.
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of specific operational impacts of cybersecurity lapses.
• Knowledge of measures or indicators of system performance and availability.
• Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
• Knowledge of system life cycle management principles, including software security and usability.
• Knowledge of system administration, network, and operating system hardening techniques.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of Personally Identifiable Information (PII) data security standards.
• Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Desired Skills

• 4 year college degree in Computer Science or related field, and 2 years of experience, or 5 years of experience in lieu of a college degree.
• CISSP, CISM, or equivalent certification.