Information Systems Security Officer (ISSO)
ECS Corporate Services

Columbia, Maryland

Posted in Engineering


This job has expired.

Job Info


ECS is seeking an Information Systems Security Officer (ISSO) to work in our Columbia, MD office. Please Note: This position is contingent upon contract award.

Job Description:

ECS is seeking an Information System Security Officer (ISSO) to work in Columbia, MD, with a current, active Top Secret security clearance with SCI and Poly eligibility.

The Information System Security Officer (ISSO) plays a critical role in ensuring the security and integrity of an organization's information systems and data. The ISSO will oversee the day-to-day operations of this agency's information systems/applications security operations. The ISSO is responsible for implementing and maintaining security measures to protect against unauthorized access, data breaches, and cyber threats. They work closely with IT teams, management, and other stakeholders to develop, implement, and enforce security policies and procedures.

Key Responsibilities:

  • Security Policy Development and Implementation:
    • Develop, implement, and enforce security policies, standards, and procedures to protect the organization's information systems and data.
    • Ensure compliance with industry regulations and standards (e.g., GDPR, NIST, ISO 27001).
  • Risk Assessment and Management:
    • Conduct risk assessments to identify potential vulnerabilities and threats to the organization's information systems.
    • Develop and implement risk mitigation strategies and controls to minimize security risks.
  • Security Awareness and Training:
    • Provide security awareness training to employees to promote a culture of security and compliance.
    • Keep stakeholders informed about emerging threats and security best practices.
  • Incident Response and Management:
    • Develop and maintain incident response plans and procedures to address security incidents and breaches.
    • Coordinate response efforts during security incidents and conduct post-incident analysis to identify lessons learned and improve security measures.
  • Security Monitoring and Compliance:
    • Monitor information systems for security breaches, unauthorized access, and suspicious activity.
    • Ensure compliance with security policies, standards, and regulatory requirements through regular audits and assessments.
  • Security Technology Implementation and Management:
    • Evaluate, implement, and manage security technologies such as firewalls, intrusion detection/prevention systems, antivirus software, and encryption tools.
    • Stay updated on emerging security technologies and trends to enhance the organization's security posture.
  • Vendor Management:
    • Evaluate the security posture of third-party vendors and service providers.
    • Ensure that vendors comply with security requirements and standards.

Required Skills:
  • U.S. Citizenship is required per contract.
  • Current, active Top-Secret security clearance with SCI and Poly eligibility.
  • Bachelor's degree in Computer Science, Information Systems, Engineering, or a similar field.
  • Current DoD 8570 IAT Level 2 baseline certification(s) (e.g., CySA+, CASP+, CAP).
  • A minimum of two years in DoD IT Security and RMF experience.
  • Proven experience in information security, risk management, and compliance (i.e., Vulnerability Management, Security Technical Implementation Guides (STIG), Evaluate-STIG, Security Content Automation Protocol (SCAP) Compliance Checker, eMASSter).
  • Knowledge of regulatory requirements and standards (e.g., ISO 3100/27001, NIST SP 800-30/-37/-39/-53/-53A, General Data Protection Regulation (GDPR)).
  • Knowledge of NIST Assessment and Authorization, Plan of Action and Milestones (POA&M), Risk and Vulnerability Management, Leading Security Assessment, Security Control Assessment and Testing, Privacy Impact Assessment/Privacy Threshold Analysis (PTA/PIA), FIPS 199, Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment Report (RAR), Security Assessment and Authorization, Contingency Plan, Splunk, Nessus, FedRAMP, Cloud, SharePoint, Cyber Security Asset Management (CSAM).
  • Experience creating a System Security Plan (SSP) to achieve Authority to Operate (ATO).
  • Knowledge of cyber threats and vulnerabilities.
  • Experience performing security risk assessments and security architecture reviews.
  • Ability to demonstrate and articulate knowledge, understanding, and hands-on experience with eMASS/XACTA (ATO process) and policy development.
  • Work with the ISSM and other team members to provide ideas and solutions to ongoing project risks.
  • Solid Microsoft Excel, Word, and PowerPoint skills.
  • Personal Qualities
    • Possess excellent oral and written communication skills for large government audiences, cross-functional teams, and internal executive teams.
    • Excellent analytical and problem-solving skills.
    • Customer-service focused.
    • Ability to learn and adapt to changing information and environments.
    • Interact and coordinate with senior government officials within and outside of the organization.
    • Outstanding attention to detail.
    • Self-motivated and a demonstrated self-starter.
    • Proven ability to work on multi-disciplinary teams.
    • Exceptional professionalism in fast-paced environments.

Desired Skills:
  • Master's degree.
  • 10+ years of experience.
  • Risk Management. Proficiency in conducting risk assessments, identifying vulnerabilities, assessing threats, and implementing risk mitigation strategies.
  • Security Tools and Technologies. Experience with security technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, SIEM (Security Information and Event Management) systems, vulnerability management tools, and Endpoint Security Solutions (ESS).
  • Incident Response. Knowledge of incident response procedures, including detection, analysis, containment, eradication, and recovery, to effectively respond to security incidents and breaches.
  • Project Management. Ability to manage security projects, including planning, execution, monitoring, and documentation, to ensure timely and successful completion of security initiatives.
  • Certifications. Tenable Vulnerability Management Specialist Certification, Certified Ethical Hacking (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Cloud Security Knowledge (CCSK), Certified Zero Trust Security, and/or Project Management Professional (PMP).
  • Current DOD 8570 IAT Level 3 baseline certification(s) (CISSP, CISM, etc.).
  • Operating System Certification (Windows, Linux, Unix, etc.)
  • Penetration Testing, Certified Ethical Hacking (CEH), or Vulnerability Management.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
