What are the responsibilities and job description for the Information Systems Security Officer (ISSO) REMOTE position at DSA Inc.?
Data Systems Analysts, Inc. is searching for an Information Systems Security Officer to support a Federal Government customer located in the Washington, DC area. The position does allow for 100% remote support. Successful candidates shall act as a trusted security advisor providing System Security Plan development and implementation for information systems designated by the Chief Operating Officer (COO) for Information Security.
Responsibilities include:
- Perform as a trusted advisor to the System Owner. In support of this task the Contractor shall: Write a brief security strategy for each information system for the office and update annually, as needed.
- Advise the System Owner/System Owner Representative as the principal IT security advisor on all matters involving the security of an information system.
- Perform a security impact analysis of all proposed changes and configuration management decisions that have an impact on system security.
- Recommend alternate system architecture(s) for improved security.
- Communicate the need to understand COO IT security policies and provide feedback to shape our policies.
- Gather system security information to fill out ITSO's defined IT scorecard, annually, and review the scorecard periodically.
- Establish and execute the system's continuous monitoring program, including identifying the controls, approving the test methodology and reporting processes, and coordinating with stakeholders on its implementation.
- Ensure that systems comply with AO Manual, department, and program office security policies, and the Guide to Judiciary Policy.
- Identify and document security requirements for proposed new systems.
- Perform security review for proposed new systems.
- Prepare and present briefings as a security Subject Matter Expert (SME) as required.
- Manage remediation and mitigation efforts, including reporting on AOUSC IT security risks to information assets, to ensure that identified risks are addressed in a timely manner and risk status is tracked until risk is reduced to an acceptable level.
- Create/update documentation including Plans of Action & Milestones (POA&Ms), Exception Request Forms (ERFs), Risk Acceptance Memos (RAMs) and manage the renewals.
- Create/update Risk Mitigation Plans (RMPs) and gather documentation in support of remediation/mitigation.
- Appropriately update the current system of record (e.g., CSAM) with remediation/mitigation information.
Standard Requirement:
- Possess a Bachelor's degree as well as three (3) years of experience as an ISSO, preferably for the federal government.
- Minimum of 5 years collaborating and reviewing System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessment Methods (RAMs), Risk Management Processes (RMPs), Cybersecurity Compliance Certifications (CCCs), Scorecards, and related documents with ISOs and other applicable stakeholders.
- Minimum of 3 years of experience with Risk Management Framework (RMF), NIST, FISMA compliance.
- Minimum of 5 years of experience in Tenable Nessus, CyberArk, Application Security testing suites, penetration testing tools, Security Information and Event Management (preferably Splunk), one or more Configuration Management Database (e.g. BMC and/or ServiceNow), API automation, and Identity Management systems (e.g., TACACS, AD, Tivoli, OAuth).
- Minimum of 3 years of experience with cloud security, including Active Directory Federation Services.
- Minimum of 3 years of experience with the CSAM (Cyber Security Assessment and Management) software tool (i.e., specifically the software from the DOJ).
- Ability to obtain a Public Trust Suitability Determination: Level of I
COVID-19 continues to significantly impact our communities, families and employees. With employee health and safety as our top priority, DSA is taking action to address the increased risk and uncertainty COVID variants pose in the workplace. DSA will require all newly hired employees to be fully vaccinated before their start date and show proof of vaccination on the first day of employment along with all I-9 required forms. Approved Waivers are permitted. Any medical records are only to be provided via instruction from HR and with approval from DSA management for any access to customer facilities.
DSA is an equal opportunity employer. In accordance with Federal, state, and local laws, we recruit, hire, promote, and evaluate all personnel without regard to race, color, religion, sex, age, national origin, physical or mental disability, or veteran status. We provide equal opportunity for the development and advancement of all employees and to engage in these and all other company-sponsored activities without unlawful discrimination of any type, whether on the basis of race, color, religion, sex, national origin, age, disability, or U.S. military or veteran status. Job applicants and current employees are evaluated solely on job-related qualifications and experience.