REVEILLE GROUP LLC

Information System Security Officer (ISSO)

REVEILLE GROUP LLC, Washington, District of Columbia, US, 20022


Come join our team! Reveille provides a full benefits package including medical/dental/vision, FSA, paid time off, commuting reimbursement, 401K / matching, Wellness subsidies, LTD/STD/AD&D insurance, and salary + incentive (bonus) compensation. We're a team of strategically-minded consultants who focus on prioritizing a work-life balance.

Reveille Group is a strategic advisory consulting firm with offices in Washington, DC. We are focused on providing our diverse clients with innovative solutions including technical analysis and development. We are looking to bring on an integral team member to provide support for an existing project. You will function as an IT PMO Business Analyst of a major system for a federal agency.

Role Description

The United States Agency for International Development (USAID) supports critical systems. The USAID's Bureau of Management, Office of the Chief Information Officer (M/CIO) seeks advisors to provide expertise and support as Information System Security Officer (ISSO) for various systems. Systems may be in the Pre-ATO or Post-ATO state during the lifecycle of support.

These resources will work directly with the Government Information Technology Operations (ITO) Technical Lead and business owners for various USAID systems/applications. The ISSO will develop, implement, and maintain security policies, procedures, and standards to protect the organization's information assets from unauthorized access, use, disclosure, disruption, modification, or destruction in accordance with USAID policy and National Institute of Standards and Technology (NIST) guidance and standards.

Key responsibilities include:

- Perform Continuous Monitoring activities in accordance with the USAID and NIST Continuous Monitoring requirements. Support includes creation of new documents and update of existing documents mentioned in the Documents section.
- Support the system owner and/or project team in incorporating the applicable system security and privacy requirements to include, but not limited to, defining and documenting system-specific requirements and making recommendations for technical, operational, or administrative implementations.
- Collaborate with the system owner, project team and the Information Assurance (IA) Division to ensure that system security requirements are identified, documented, constructed and validated throughout the project life cycle.
- Coordinate with the system owner and project team to identify, document, and mitigate (resolve) system security issues found during iterative testing cycles, audits or continuous monitoring activities.
- Coordinate with the system owner and project team to establish and document processes for audit log management/review, account management, separation of duties and configuration management and to complete all documents defined in the Documents section below.
- Serve as a key point-of-contact between the IA Division and the project team and/or system owner before, during and after audit and assessment activities.
- Coordinate with IA representatives to obtain current templates needed to generate required artifacts.
- Perform security assessment to facilitate the Authorization to Operate or ATO.
- Develop system security assessment and authorization documentation, coordinate review of those artifacts by the project team, system owner, and IA Division; and work closely with the project manager and/or system owner to ensure timely approval of those artifacts by the approving personnel.

The ISSO duties and responsibilities include, but may not be limited to:

1) Ensuring that security requirements for the major application or general support system are being or will be met.
2) Ensuring that requests for Security Assessments and Authorizations (SA&A) of computer systems are completed in accordance with the published procedures.
3) Providing appropriate level of support for SA&A activities.
4) Supporting continuous monitoring testing and other activities.
5) Assist in the management of the plan of actions and milestones (POA&M).
6) Maintaining an inventory of hardware and software required for the system.
7) Coordinating the development of a Contingency Plan and ensuring that the plan is tested annually and maintained.
8) Ensuring risk analyses are completed to determine cost-effective and essential safeguards.
9) Ensuring preparation and update of security plans for information systems; major applications and networks as assigned.
10) Attending or completing required security awareness and role-based training and distributing security awareness information to the system user community as appropriate. Assist the IA Division with tracking and reporting training completion.
11) Reporting IT security incidents (including computer viruses not contained by antivirus software) in accordance with established procedures.
12) Reporting security incidents not involving IT resources to the appropriate security office.
13) Providing input to appropriate IT security personnel for preparation of reports to internal and external authorities.
14) Facilitating signatures on memorandums of agreement, interconnection security agreements or other documents as applicable.
15) Ensuring that user accounts are managed according to USAID ADS 545 and the ISSO Handbook.
16) Ensuring that audit logs are reviewed and appropriate actions are taken if there is any evidence or suspicion of inappropriate or unauthorized activity in accordance with the ADS 545 and the ISSO Handbook.

Qualifications

Expertise or familiarity with the following Security Policies, Regulations and/or Frameworks:

- Federal Information Security Modernization Act (FISMA)
- Privacy Act of 1974
- NIST 800 Special Publication Series (i.e., 800-53r4, 800-53Ar4, 800-37r1, etc.)
- Federal Risk Authorization and Management Program (FedRAMP)
- NIST Cybersecurity Framework
- OMB Circular A-130
- USAID ADS 545, Information Systems Security

Required Skills and Experience

- Be experienced in performing system analysis, system audits, system monitoring, security control assessment/testing (or security test & evaluation), risk management, incident response.
- Have working knowledge of various hardware platforms and software applications.
- Must be able to work independently and demonstrate strong initiative and an ability to organize daily tasks with minimal supervision.
- Possess strong communication skills (oral and written) as well as the ability to interact well with team members and various levels of management.
- Experience with the Risk Management Framework (RMF) process and Agile System Development Life Cycle.
- Be committed to results and success in accomplishing goals, as well as a fast learner with demonstrated ability to understand unique system requirements and adapt to change.
- Proficient with all Microsoft Suite and Google Suite tools.
- Ability to align detailed tasks with the big picture.
- Strong oral and written communication skills with the ability to tailor your messaging to technical and non-technical audiences.
- Proficient to handle multi-tasking and ability to prioritize (teams) tasks independently based on Organizations priorities.
- Ability to manage various stakeholders (technical and non-technical) and collaborate with others to achieve common goals.
- US Citizenship with eligibility for a security clearance - Secret active clearance preferred.

Note: this position is based out of Washington, DC. The role allows for telework/remote work. However, meetings may arise that require onsite attendance in Washington, DC. You may not live outside the contiguous United States.

Preferred Skills and Experience

- Advanced written and verbal communication skills.
- Active security clearance, Secret level or higher.