ISSO (Information Systems Security Officer)

Arlington, VA · Information Technology
Tal-Ex is partnering with a government services provider to identify an Information Systems Security Officer (ISSO). This is a contract-to-hire role located in Arlington, VA.

3.1.1 Documentation Compliance Review
ISSOs shall work with NPPD OCISO to audit/review ATO packages on all NPPD systems at the time of any document review request(s).
Review ISSO selected controls for completeness based on system FIPS 199 classification
Verify system compliance with DHS 4300A guidance, including implementation of system hardening guidelines
Review uploaded system documentation utilizing IACS for completeness and clarity:
o Privacy impact assessment (if applicable)
o Continuous Monitoring Plan
o Contingency Plan
o Contingency Plan Testing
o Configuration Management Plans
Perform Requirements Traceability Matrix review in IACS following ISSO completion for validated testing and completeness
Review Risk Assessment to ensure all test results are properly documented
Develop customized training materials and resources to provide guidance to NPPD’s sub-components regarding document review remediation, as well as train them in the document review process
Maintain and recommend changes to the annual Security Authorization (SA) document review checklist supporting the annual NPPD Information Security Performance Plan
Recommend metrics to evaluate the performance of document reviews. Recommend changes to improve the quality and reduce the time of document reviews
Maintain logs of all review activities. Recommend metrics to improve overall NPPD information security posture and performance. Complete weekly progress reports on the status of all compliance reviews
3.1.2 Plan of Action & Milestone (POA&M) Review
Validate all POA&Ms are created and tracked in IACS
Review POA&Ms for completeness to ensure all system deficiencies are properly identified
Validate POA&Ms are associated with a Security Assessment Report (SAR) generated finding, if applicable
Maintain and revise the NPPD POA&M Guide to reflect changing guidance and implement process improvements. Evaluate the effectiveness of NPPD's weakness remediation process and make changes to the POA&M Guide as requested by the Government.
3.1.3 Nessus Scan Review
Contractor shall review Nessus scans for anomalies, open ports, encryption in use, identified vulnerabilities, authorized accounts, privileged accounts, and SSL configuration settings
3.1.4 ISSM / ISSO Support
Contractor shall support and offer FISMA compliance guidance to sub-component ISSMs and ISSOs as directed by NPPD OCISO.
3.1.5 Final Reports
Contractor shall perform final documentation review, and provide the following reports:
Security Assessment Plan (SAP)
SAR
Risk Assessment (RA)
Draft Authorization letter for OCISO review, as appropriate
Other documents, as required
3.1.6 Metrics and Strategies
Recommend metrics and improvements for tracking progress on remediating information security weaknesses. Recommend strategies for evaluating overall Department and Component risks associated with outstanding weaknesses.
Monitor and report progress on Sub-Component-level remediation efforts
Assist NPPD Sub-Components with developing, improving, and reviewing Plans of Actions and Milestones (POA&Ms) ensuring quality standards are met
Develop and implement a compliance model for monitoring internal controls of Chief Financial Officer (CFO)-Designated Financial Systems in accordance with OMB A-123, as required.
Develop and recommend metrics for audit tracking. Identify methods for improving the tracking of information security weaknesses and supporting compliance activities
3.1.7 Validation
Contractor shall support the ISO Inventory Management Team to identify and validate component information system assets.
Examine system security documentation, system security artifacts, and system configuration settings; conduct walkthrough inspection(s) of the information system facility and interviews with key personnel such as the ISSM, technical personnel, and the system owner
Develop and maintain a review methodology for conducting Outreach and Assistance Visits
