Title: ISSO Support Specialist with FEDRAMP Cloud
Location: Remote

The Information Security Systems Office (ISSO) Support Specialist creates and institutes measures to safeguard sensitive information within a computer network. This position requires a bachelor's degree in computer programming, mathematics or a related scientific field. 

·The ISSO Support Specialist for this contract performs the following duties:

·Oversees the security posture for one or more system(s) throughout the entire lifecycle; provides continuous monitoring through scheduled audits, controls testing, and audit reviews, and escalates issues as needed. Oversees the implementation of information technology (IT) security controls and security authorization documents; and ensures the system is Federal Information Security Management Act (FISMA) compliant with mandated security policies and requirements.

·Provides technical recommendations for all Risk Assessments and Vulnerability Assessments conducted for the system or site; and provides security analysis of IT activities to ensure that appropriate security measures are in place and being enforced. Coordinates penetration testing or other 'red team' activities that might occur at/or traverse the system’s infrastructure as part of a Security Control Assessment (SCA). Promotes IT security awareness information to the user community by validating the user community is completing their annual training. Oversees and maintains regulatory requirements and participates on the Change Control Board (CCB) by reviewing system changes for security implications.

·Provides general system security support to ensure a secure posture is in place for systems that support key program areas; verify that application//system security postures are implemented as stated; documents deviations by performing FISMA/NIST compliance monitoring to review results across the system environment for compliance with business processes, operations of customer organizations, and IT security guidelines and policies; and recommend required actions to correct those deviations.

·Develops/updates system security plans, risk assessments, disaster recovery, and contingency plans, incident response and additional system development life-cycle (SDLC) security documentation for systems and/or applications in alignment with the SDLC.

·Provides coordination, consolidation, and submission of the Authority to Operate (ATO) security documentation for CISO approval; and track security assessment and authorization (SA&A) packages, reviewing authorization documents to confirm that security requirements are compliant.

·Facilitates remediation/mitigation of the POA&Ms to reduce risk and address weaknesses to the system.

·Provides Continuous Monitoring support/guidance by reviewing security documentation, logs, scans and ensuring system backups are performed.

·Reviews hardware/software asset inventory and ensure completion and advise system owner (SO) and management regarding gaps.

·Assists the CISO and SO with security-related inquiries and issues; coordinate protective or corrective measures when an incident or vulnerability is discovered by supporting the generation of a solution and following up to ensure the incident is resolved. Identify security weaknesses and document the weaknesses in the Security Assessment Report (SAR).

·Works with SOs, developers, and administrators to develop an access control or role-based model that ensures secure access to the system/application; and implement processes to control, enforce, and monitor access and privileges which lead to securing the systems and information.

·Reviews system changes for security implications; conduct security impact assessments when system changes or additions occur to the system, evaluate compliance with IT security requirements, compare them with expected results, and make recommendations to system owners.

·Analyzes and supports security control assessments by verifying results with the organization’s IS/IA requirements and confirms that the level of risk is within acceptable limits.

·Analyzes the effectiveness of the system security safeguards (examining for full compliance against requirements) to ensure they demonstrate the intended level of protection and functionality and advise or inform SO and leadership on risks to the security posture.

·Develops security risk assessment; Advise SO on requirements in alignment with security risk assessment results, thereby supporting IT FISMA compliance across multiple systems/applications.

·Develops disaster recovery and contingency plans for systems and/or applications to reduce system risk.

·Provides operational risk management support which involves participating in risk assessments, managing system weaknesses, and providing ongoing risk monitoring, threat management and mitigation support.

·Evaluates and provides input into the risk and adequacy of security measures proposed or provided in response to system acquisitions.

·Performs risk assessments, as required by the client.

·Reviews threat and vulnerability assessment findings to quantify and prioritize vulnerabilities in a system.

·Serves as IT security subject matter expert (SME)/POC for customer interactions and communications.

·Coordinates across teams to ensure compliance with policies and alignment with the Risk Management Framework (RMF) and HHS or Operating Division policies, procedures, and guidance; and manage delivery risks/logical escalation related to delivery requirements.

·Additional Requirement: must have FEDRAMP experience with cloud-based systems.