Summit Technologies is Hiring an Information System Security and Privacy Officer (ISSPO) - Lead with Security Clearance Near Washington, DC
Summit Technologies Inc. is looking for an experienced Information System Security and Privacy Officer (ISSPO) - Lead, to join our team supporting a US government agency. You will work with a team responsible for IT Security Governance, Risk and Compliance by managing and documenting the agency’s ongoing security posture. The ISSPO will support the Program Manager and work collaboratively with other Information Systems Security Analysts, IT SMEs and System Administrators to conduct analysis, mitigation, remediation, and monitoring of compliance with agency policies and procedures. This is part of a hybrid working schedule requiring 2 days a week in an office in Washington, DC. Candidates must be eligible for a Public Trust clearance.
Duties And Responsibilities:
Provide Risk Management Framework (RMF) and Authorization and Accreditation (A&A) activities such as developing and maintaining systems Authority to Operate (ATO) package documentation.
Establish procedures & processes to ensure tracking and mitigation of risks identified during the ATO process.
Provide data categorization guidance to system owners.
Develop and update Interconnection Security Agreement documentation.
Support customer responses to ongoing information system audits.
Develop and update System Security Plans (SSPs) and supporting documentation.
Assist with tailoring of security control baselines for the general support system and other FISMA-reportable systems, including cloud systems utilizing FedRAMP controls.
Collect and validate control implementation statements from subject matter experts.
Oversee development of security and privacy control implementation statements per NIST SP 800-53 and agency security policy standards.
Aid the migration to NIST SP 800-53 Rev 5, identifying gaps and providing understanding of new requirements to technical teams for implementation.
Conduct security reviews for changes impacting hardware, software, baselines, connections, or applications.
Review and assess POA&M outputs, recommending additional work or closure.
Support the continuous monitoring program when Information System Continuous Monitoring (ISCM) results are used to support continuing authorization requirements or ongoing authorizations.
Document and communicate control deficiencies for POA&M consideration.
Assist in developing security policies, ensuring compliance, and updating documentation.
Provide information for status reports, briefings, schedules, and project plans in written and oral form.
Stay updated on IT trends and security standards.
Required Skills & Experience:
Expert knowledge of RMF accreditation packages and all steps of the RMF process.
Experience in Security, Privacy Assessment and Authorization (SPA&A) activities and ATO package creation.
Knowledge of cyber-attack patterns, tactics, techniques, and procedures.
Ability to adapt security processes/tools to evolving landscapes and risk scenarios.
Familiarity with IT Audits using FISCAM processes and procedures.
Experience with NIST Risk Management and Cybersecurity Framework, FISMA, NIST SP 800-53 (Rev 4,5), and IT control processes.
Experience with GRC frameworks/tools (RSAM, CSAM) and SA&A tools (Xacta).
A strong technical understanding of Windows and Linux platforms.
Experience taking IT and network system(s) through the ATO process.
Ability to tailor information security processes and tools, based on ever evolving and changing landscapes, doctrine, and risk scenarios.
Comprehensive knowledge performing and identifying impacts as well as consideration of existing risk mitigation strategies.
Experience auditing control implementations and communicating risks associated with control deficiencies or gaps.
Experience with SharePoint lists and workflows, and general project management tools.
Ability to work in a fast-paced environment.
Must be flexible with work schedule during surge periods of support.
Proficiency in explaining complex policies and protocols in simple terms.
Strong analytical and problem-solving skills to develop possible solutions.
Good interpersonal and communication skills (verbal and written).
Desired Skills:
A solid understanding of IT security controls, tools, and concepts.
Experience working in a technical environment with IT platforms such as Microsoft Office 365, Azure, Cisco, Oracle, etc.
Education:
Undergraduate degree with eleven years of experience in IT Infrastructure, IT Security, and/or Governance, Risk and Compliance (GRC); or
Graduate degree with nine years of relevant experience.
Certification:
Any of the following certifications - CISSP, CISM, CompTIA Security+.
Security Clearance:
Must be eligible for a Public Trust.
If you feel you are qualified and want to be considered for this position, please supply the following to: , and please put the job number ‘6671’ in the subject line:
Updated resume including MM/YYYY for each employer.
Best times/dates to interview (plus phone # you can best be contacted at).
Availability to start once given formal offers. Summit Technologies Inc. appreciates your interest. We will contact the best matching prospects and will consider you for future opportunities. We will not submit your resume without your prior knowledge and consent. We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, disability or veteran status.