Information System Security Officer ISSO

As ISSO, you are responsible for managing security risk and compliance of one or more information systems for Peloton Systems customers. You will apply your knowledge and experience in Information Technology design, operations and management combined with your cybersecurity skills to work with other members of the team to build security into our customer systems and cloud services. You will prepare products and information to support all steps of the NIST Risk Management Framework process enabling customer to obtain Authorization to Operate (ATO). Once operational, you will monitor changes to detect impacts to security posture and compliance, provide recommendations for mitigation, and where applicable perform the mitigation measures. You will conduct ongoing continuous monitoring working with cybersecurity engineers and analysts to detect vulnerabilities, mitigate risks, respond to incidents.

You must hold an active DOD Interim Secret clearance or higher to be considered for this position.

Currently, this position is 100% remote. However candidates must reside within 40 miles of Washington DC as there are occasional meetings and visits to the customer office in DC. We anticipate this position will adjust to 1-2 days per week onsite in DC after the pandemic.

Responsibilities include:

• Assist in the design of systems, networks and applications to integrate security protections and features required of applicable security controls.
• Prepare System Security Plan (SSP) and security control implementation for NIST SP 800-53 for the information system and ensure its entry into governance systems (e.g., Xacta)
• Represent the system owner through the assessment process to demonstrate security implementation and control compliance.
• Perform analysis of proposed changes, performing security impact and risk assessments to guide System Owners and Chief Information Security Officers in decision making.
• Perform monitoring of access control, network and system logs, anti-virus and related security threat detection systems.
• Review results of vulnerability assessments assisting customers to prioritize remediation based on risk, implement means to track and report progress.
• Manage and report on security incidents, conducting analysis and assisting to operations personnel to contain and recover.
• Schedule and conduct incident response and contingency plan tests
• Update System Security Plans and Contingency Plans to address changes in the environment, policy and standards.
• Manage the Plan of Actions and Milestones (POA&M) updating based on remediation performed, changes to planned corrective actions and adding new risks detected through monitoring.
• Participate in the design of replacement system, its implementation, and migration to the new cloud-based platform.

Qualifications

• BS/BA degree in information systems, computer science or related field.
• At least 5 years of professional work experience in information assurance or cybersecurity
• Active DOD Interim SECRET security clearance or higher.
• Experience performing some of the responsibilities described in the position description.
• Experience implementing systems to meet NIST Risk Management Framework or FedRAMP security controls (NIST SP 800-53).
• Experience performing NIST RMF for cloud services
• A desire and eagerness to continually learn and take on new challenges.
• Must be able to multi-task, work independently and as part of a team, and accommodate shifts in project priorities.
• Strong analytical, communication (verbal and written) and organizational skills.
• Effective time management skills.

Desired Skills, Experience and Certifications

• CISSP, CAP, CISM or CCSP certifications.
• Experience with cloud services Microsoft Azure, Amazon Web Services (AWS), Box.
• Experience working on Agile project teams using Scrum, Kanban and Sprints