Information System Security Officer
TISTA Science and Technology Corporation, a CMMI Maturity Level 3 company, focuses on delivering information technology (IT) and professional services to Federal and State agencies. TISTA is an Inc. 500 company, a recipient of the 2010 Top 100 Service-Disabled Veteran-Owned Businesses from Diversity Business, recognized in Washington Technology’s FAST 50 list of the fastest growing small businesses in government contracting in 2012 & 2013, recognized as the Top 25 Fastest Growing Small Technology companies by the Washington Business Journal in 2014 & 2015, and selected as the Veteran Owned Company of the Year in 2014 by the Montgomery County MD Dept. of Economic Development.
The Information Systems Security Officer (ISSO) will provide support extending to all aspects of the Department of Education’s (DoED) IT services including: on-prem and cloud applications; desktop and laptop computers; Wide Area Network/Local Area Network connectivity; and software and hardware acquisition and installation. The ISSO will be responsible for providing risk and vulnerability assessments and reports, and for developing documentation as required by the customer. The ISSO will be expected to develop and maintain Security Authorization packages in accordance with DoED and NIST standards and guidelines.
- Oversee large and highly complex projects.
- Create project teams, assign individual responsibilities, create project schedules, and determine and acquire resources needed.
- Ensure familiarization with the entire scope and requirements of the projects and serve as a liaison between team members and functional area management requesting the project.
- Serve as the source of technical expertise with regard to maintaining and improving the DoED’s RMF implementation.
- Provide strategic guidance and recommendations for strategic planning and improvements to security activities supported by TISTA.
- Develop, update, and maintain standard operating procedures (SOPs) and management directives to support the Information Security Division, the Network Security Operations Center, and the broader DoED community.
- Provide tactical production operations support and SA&A services.
- Develop and adhere to an effective Quality Control Program to ensure services are performed in accordance with government requirements.
- A minimum of three (3) years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field.
- Experience with leading and directing the work of others.
- Demonstrated proficiency in developing, maintaining, and managing Security Assessment and Authorization (SA&A) packages.
- Knowledge of information security/risk management standard concepts, practices, and procedures within program management.
- Experience with developing and managing Plans of Action & Milestones (POA&Ms).
- A holistic understanding and knowledge of the Risk Management Framework (RMF) as defined by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev4, Security and Privacy Controls for Federal Information Systems and Organizations.
- Demonstrated experience with NIST SP 800-53A Rev4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations.
- Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
- Possession of excellent documentation skills.
- Possession of excellent oral and written communication skills.
- Experience conducting Security Control Assessments (SCA).
- Preferred experience with FedRAMP documentation and package development/review.
- Bachelor’s degree or higher in computer science, Information Technology, Information Security, or similar fields.
- At least one (1) active certification relating to information security, such as:
  - Certified Information Systems Security Professional (CISSP);
  - GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC);
  - CompTIA Security+.
Clearance: Secret or Higher
Work Location: Washington, DC