Title: Information System Security Officer (ISSO)
Location: Bethesda, MD and/or Rockville, MD
Terms: Full-time
Clearance: Public Trust
Travel: 0-20%
Education: BA/BS degree and 7 years of experience or MA/MS degree or higher and 5 years of experience
RESULTS. INNOVATION. VALUES. ACCOUNTABILITY.
That’s RIVA. Our employee-first approach has manifested a culture that attracts the best and brightest. By investing in people first, and providing a flexible work environment, our employees have higher morale, higher productivity rates, and lower turnover. At RIVA, people are our #1 priority.
Project Description
RIVA’s Federal Health customer has developed a variety of software applications that support administrative and Grants Management processes and functions. They provide directors, branch chiefs, program managers, program officers, budget officers, scientists, and administrative and support staff with software solutions and tools necessary to manage their workload, to perform daily work assignments and to quickly share, exchange and disseminate information to the appropriate staff members internal and external to their community.
RIVA is providing IT Services and Support to their customer’s CIO office, Project Management Office, Network Infrastructure Section, Service Desk Section, and the customer user community. The CIO’s office manages all aspects of the customer’s branch sections from projects to documentation and policies. The Project Management Office provides a framework, tools, and staff to manage projects and initiatives. The Network Infrastructure Section provides IT infrastructure support, including networking/firewalls, backups, data center management, and operating system management. The Service Desk Section provides hands-on troubleshooting and user support for RIVA’s customer users, including support for laptops, desktops, peripherals, smartphones, operating systems, and software.
Position Description
We are seeking a skilled ISSO who will be responsible for assuring all systems, components and services supported by RIVA’s customer are in compliance with federal security policies, processes, and procedures. Work in collaboration with the customer security team to complete all Authority To Operate (ATO) activities, including implementing security assessments and authorizations (SA&A) of customer systems, and ensuring that the processes for customer systems continue to occur at the required intervals, or whenever major changes are implemented. Perform Oversight and Compliance Verification Assessment and Continuous Monitoring, Contingency Plan Development and Evaluation, Vulnerability Scanning and Auditing, and Security Program Assessment Support. Provide recommendations for improving security processes and procedures, and analyze existing IT security processes and procedures within the Federal Agency to meet new IT security requirements.
Responsibilities
- Perform security assessments of RIVA’s customer general support systems, major and minor applications based on all applicable and current Federal Health regulations and policies.
- Produce, update and review the security assessment report, security assessment plan, risk assessment, test plans, system security plan, contingency plan, and Security Control Assessment (SCA) testing report.
- Document assessment activities and results in sufficient detail to enable external review of all findings, processes, activities, results and resolutions.
- Provide guidance and recommendations for corrective action of all non-compliant security controls.
- Develop, modify and run automation scripts using tools such as Microsoft PowerShell.
- Utilize SIEM tools: Nessus/Tenable, Appscan, BigFix, JAMF, Cylance, CyberArk, and others.
- Report critical vulnerabilities that need remediation to systems administrators and to ISSO.
- Provide security expertise to ensure security controls are implemented and the resulting documentation is current.
- Conduct security testing and develop assessments of the local area network and components to ensure compliance with current security guidelines and requirements.
- Create and manage the Plan of Action and Milestones (POA&M) and communication to system owners, system ISSOs, and authorizing officials.
Requirements
- Bachelor's degree and 7 years of progressive experience in computing and information security, including experience with Internet technology and security issues OR
- Master's degree and 5 years of experience
- Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing
Preferred Certifications
RIVA Solutions is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any protected class. If you need a reasonable accommodation to search for a job opening or to submit an online application, please email accommodations@rivasolutionsinc.com. Only messages left for this purpose will be returned.