Qualifications:

• A minimum of aBachelor’s degree coupled with 8 - 12 years’ experience in the InformationTechnology arena or Master's Degree with 6 years of relevant experience.

• Minimum of 5 years ofexperience as an ISSO supporting major federal information systems/applications

• Bachelor Degree inComputer Science, IT, Information/Cyber Security field from an accreditedcollege or university

• Knowledge with auditingsecurity controls and financial processes

• Superior writing,communication and critical analysis skills

• Deep understanding ofInformation Assurance, Information Technology and Information Managementconcepts, processes and procedures

• Working knowledge of thefollowing policies: NIST SP 800-37, Rev 2, Risk Management Framework forInformation Systems and Organizations: A System Life Cycle Approach forSecurity and Privacy, DHS 4300A Policy and Handbook, CBP Information SystemsSecurity Policies and Procedures Handbook (HB 1400-05),

Candidates shall possessand maintain one of the following professional certifications: • CompTIACertified Advanced Security Practitioner (CASP ) • ISC2 Certified AuthorizationProfessional (CAP) • ISC2 Certified Cloud Security Professional (CCSP) certification(The following certification is highly desired, but not required.) • ISACACertified Information Systems Auditor (CISA) - ONSITE REQUIREMENTS: 5 days/weekfor 90 days then 2 day/week (Maybe < 90 days if known ISSO) PreferredQualifications: • ISC2 Certified Authorization Professional (CAP) or ISC2Certified Cloud Security Professional (CCSP) certification or CompTIA CertifiedAdvanced Security Practitioner (CASP )

Essential Requirements: US Citizenship is required.

Physical Demands: The physical demands described hereare representative of those that must be met by an employee to successfullyperform the essential functions of this job with or without reasonableaccommodation. While performing the duties of this job, the employeewill regularly sit, walk, stand and climb stairs and steps. May require walkinglong distance from parking to work station. Occasionally, movement thatrequires twisting at the neck and/or trunk more than the average person,squatting/ stooping/kneeling, reaching above the head, and forward motion willbe required. The employee will continuously be required to repeat the samehand, arm, or finger motion many times. Manual and finger dexterity areessential to this position. Specific vision abilities required by this jobinclude close, distance, depth perception and telling differences among colors.The employee must be able to communicate through speech with clients andpublic. Hearing requirements include conversation in both quiet and noisyenvironments. Lifting may require floor to waist, waist to shoulder, orshoulder to overhead movement of up to 20 pounds. This position demandstolerance for various levels of mental stress.

Job Duties:

• Develop, draft, review and endorse allinformation systems security plans and other security authorization artifactsand documents such as:

• Standards for SecurityCategorization of Federal Information and Information Systems (FIPS 199)Assessment

• E-AuthenticationDetermination

• Privacy ThresholdDetermination

• Privacy Impact Assessment (PIA)

• Risk Assessment Plans

• System Security Plans

• Controls Testing(Security Test and Evaluation (ST&E)) Plans

• Configuration/ChangeManagement Plans

• Contingency Plans

• Contingency Plan Testand Test Results

• Section 508 of theRehabilitation Act plans

• Plans of Actions &Milestones (POA&Ms)

• Policy waiver and riskacceptance requests

• Ensure that assignedsystems are operated, maintained, and disposed of in accordance with applicablepolicies and procedures NIST SP 800-37, Rev 2, Risk Management Framework forInformation Systems and Organizations: A System Life Cycle Approach for Securityand Privacy

• Develop, review,maintain, and provide system security documentation for assigned systems,including System Security Plans, Interconnection Security Agreements,Contingency Plans, Plans of Action and Milestones, (POA&M), Waivers, andExceptions through the FISMA system management tool in use to implement andmanage the NIST Risk Management Framework.

• Assist the Governmentwith the reporting and management of system level security violations andincidents.

• Assist the Governmentwith the technical security evaluation of threats and vulnerabilities involvingnew/enhanced technology.

• Assist the Governmentwith providing oversight to vulnerability scanning processes and procedures andsecurity patch management/flaw remediation processes and procedures.

• Assist with development of cyber securitySOPs, playbooks, work instructions, and other procedures and processes tomature cyber security capabilities.