Choisys is a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) and a SBA certified 8(a) Business Development Program participant. We deliver Higher Value through customer-centric solutions that drive innovation and adapt to evolving mission requirements – with well documented success on numerous programs within the Civilian, Defense, and Intelligence communities. We are experts in IT Service Delivery processes and industry best practices, continuously integrating the framework of our ISO 9001, 20000, and 27001 certifications to achieve service excellence. Choisys combines empirical methodologies and lessons learned with leading-edge solutions to solve complex problems, provide ongoing support, and deliver quantifiable benefits. Our mission focus areas include, but are not limited to, PMO Support, Health IT, Education + Learning, Infrastructure Management, and Cyber Security.
We are seeking a Information System Security Officer with the following skills in the Washington DC area. The position requires a candidate to have an active Top Secret Security Clearance.
This position is for an experienced Information Systems Security Officer (ISSO) responsible for assuring compliance with all information system (IS) security requirements. The ISSO ensures proper assessment and implementation of security practices and procedures and validation of all security obligations toward meeting the Federal Information Security Modernization Act (FISMA) Risk Management Framework (RMF) requirements.
- Ensure that Learning Systems Unit (LSU) adhere to Federal Information Assurance policies and procedures to acquire and maintain an Information System(s) Authorization to Operate (ATO) under the FISMA, by following NIST 800-53 guidelines and NIST 800-53a security controls assessment practices for all current and future systems.
- Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each information system.
- Provide liaison support between the LSU system owner and other FBI info system security personnel.
- Guides LSU Operations/system engineering design and development toward a “baked-in” security approach using Information Assurance best practices, as well as FBI-specific policies and guidelines.
- Create and update the Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA), Configuration Management Plan (CMP), Contingency Plan (CP) and Incident Response Plan (IRP), as required for each system
- Responsible for keeping track of all privileged users accessing IS’s.
- Conduct required info system vulnerability scans and log analysis according to risk assessment parameters.
- Ensure that all system security Plan of Actions and Milestones (POA&Ms) are reviewed and updated.
- Ensure all information security audit logs are retained in accordance with DOJ, ODNI or FBI policy
- Report any information system security incidents to the Information Systems Security Manager (ISSM) and/or Chief Security Office (CSO), immediately, and initiate upon approval, any protective and corrective measures, required to be taken.
- Actively participate as a security board member in the Change Management Process
- Ensure all info systems are operated, maintained, and disposed of in accordance with security policies.
- Perform at a level where all information system security assessment documentation delivered to the government is accepted on 1st pass. The government criteria shall be based on administrative (grammar, spelling, punctuation, classifications markings, etc.) and technical review.
- Bachelors or advanced degree in Computer Information Systems or related field; experience and/or appropriate certifications may be substituted for degree
- 3+ years demonstrated experience as an ISSO
- Experience and expert knowledge with FISMA Systems, the RMF, NIST 800-series guidelines, Intelligence Community Directive 503 (ICD 503), Committee on National Security Systems (CNSS) Instructions, FIPS, SAA requirements and processes, Continuous Monitoring Framework experience, Plan of Action & Milestones (POA&M) policies and vulnerability/patch management
- Ability to define project goals and work independently to complete projects while adhering to the established schedule
- Proficient with vulnerability and scanning tools and well-versed in interpreting risk posture resulting from assessment reports
- A solid background in IT systems support
- A demonstrated ability to quickly and independently learn unfamiliar IT systems
- Demonstrated ability to effectively communicate both verbally and in writing
- Work on moderately complex assignments, using judgement to resolve problems/make recommendations
- Proficient with Microsoft products – Word, Excel, PowerPoint and Visio
Choisys Technology, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. The candidate must have the ability to sit for long periods of time, ability to discern colors, ability to read and monitor a computer screen for an extended period, 100% requirement to work on site.