Tista Science and Technology Corporation

Sr Information System Security Officer

Job ID 2020-2089
Job Locations US-MD-Bethesda

Overview

A large Federal health-care agency is implementing a risk-based approach to cybersecurity that creates unity of effort across 20+ cybersecurity projects that are currently separate. The key challenges are defining an effective cybersecurity approach that works enterprise-wide, implementing multiple new cybersecurity tools, and driving the adoption of best practices and data-driven processes across the stakeholder groups. The overall approach must continue to support the organization even as it adopts new technologies – like Cloud, High Performance Computing, and Machine Learning – to support its health-care research mission.

The Information System Security Officer will use a consultative approach and a deep understanding of current technology and cybersecurity to analyze and consolidate technical requirements, develop data-driven dashboards that meet those requirements, and work collaboratively across various stakeholder groups to drive adoption. With knowledge of data visualization and analysis, the Senior Information System Security Officer will improve the quality of data for decision making, assist in dashboarding, develop routines to automate and consolidate data collection from data calls, correlate metrics using ServiceNow and routine reporting, and identify and track useful metrics. The Information System Security Officer will also develop and conduct training sessions, capturing and incorporating feedback to improve the quality of provided products over time. This person must be resourceful, detail-oriented, 100% client-focused, and possess a continuing passion for their profession.

Responsibilities

  • Demonstrates proficiency developing, maintaining and managing Security Authorizations and Assessments packages
  • Experience developing and managing Plans of Action & Milestones (POA&M’s)
  • Experience conducting research and providing review recommendations on software and technologies to address vulnerabilities
  • Experience reviewing vulnerability scans and providing mitigation techniques.
  • Possess expertise conducting annual security control assessments
  • Experienced writing security-related policies and procedures
  • Possess experience conducting Contingency Plan testing
  • Experience conducting audit log reviews
  • Familiarity with NIST Special Publications and guidance
  • Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment

 

Qualifications

  • A minimum of ten (10) years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field.
  • Experience with leading and directing the work of others.
  • Demonstrates proficiency with developing, maintaining and managing Security Authorizations and Assessments packages.
  • Knowledge of standard concepts, practices, and procedures within program management.
  • Experience with developing and managing Plans of Action & Milestones (POA&M’s).
  • A holistic understanding and knowledge of the Risk Management Framework (RMF) as defined by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 (current revision), Recommended Security Controls for Federal Information Systems, and NIST SP 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information Systems.
  • Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
  • Excellent documentation skills – redacted samples may be requested.
  • Excellent oral and written communication skills.

 

Education:

  • Bachelor’s degree or higher in Computer Science, Information Technology, Information Security, or similar fields.
  • At least one (1) active certification relating to information security, such as:
      • Certified Information Systems Security Professional (CISSP)
      • GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC, etc.)
      • CompTIA Security+
      • CEH

Location:

  • Bethesda, MD

Clearance:

  • Public Trust