Ho'oilina Foundation
Information System Security Officer (ISSO)
Ho'oilina Foundation, Washington, District of Columbia, US, 20022
Aloha! Are you passionate about making a difference? Join us in our vibrant Native Hawaiian Organization, a proud non-profit dedicated to uplifting Native Hawaiian communities. As part of a dynamic network of subsidiaries and partners in the GovCon sector, we offer exciting opportunities across various agencies. If you're seeking a fulfilling career that truly gives back and supports a meaningful cause, we'd love to connect with you! Let's work together to create positive change!
Hooilina is seeking a talented Information System Security Officer with at least 3 years of experience and a passion for thinking big, taking action, and delivering exceptional results. You are outcome-driven, quality-obsessed, and relentlessly focused on innovation as a value-driver for world-class delivery, client satisfaction, and performance. You're looking to grow as a professional in a team-oriented environment where you can put your fingerprint on mission-critical projects impacting the citizens we serve.
Role Overview: The Information System Security Officer (ISSO) researches, develops, implements, tests and reviews an organization's information security to protect information and prevent unauthorized access. Emphasis on general knowledge of infrastructure devices (i.e. OSI Model, firewalls, routers, switches).
Responsibilities:
Conduct initial Security Assessment and obtain ATO, in line with NIST SP 800-37 Rev. 2.
Maintain the Security Authorization or Authorization to Operate (ATO) of assigned system(s).
Continuously update all Security Authorization documentation to maintain assigned system's ATO or system go live dates.
Select the baseline security controls for the IT system, using CSAM, and tailor where appropriate.
Document all relevant NIST 800-53 Security Controls for assigned IT systems in the System Security Plan (SSP).
Perform and document initial and annual risk self-assessments of all assigned systems.
Develop and document all supporting Security A&A artifacts (i.e., PTA, SSP, ITCP, BIA, CMP, MOU, ISA).
Produce Security Authorization package for Authorizing Official (AO) signature including Authorization to Operate (ATO).
Track the deployment of software to the environment that is not part of the base image.
Conduct security impact analyses of proposed changes and provide recommendations.
Ability to analyze configuration settings and implementation of STIGs, and to conduct manual checklists.
Generate Plan of Actions & Milestones (POA&Ms), with meaningful milestones, for each non-compliant control for assigned IT Systems.
Required Skills & Experience
3-5 years Cybersecurity experience.
Working knowledge and experience with CSAM and the NIST RMF.
Knowledge of the process to obtain a system ATO and requirements to maintain the ATO.
Experience working with system stakeholders to assess and manage system cybersecurity risk.
Ability to synthesize complex IT system information and communicate system status and requirements in written products and verbal presentations.
Ability to write clear, concise and effective security control implementation statements.
Familiarity with configuration settings and vulnerability management analysis of infrastructure devices.
Ability to draft a complete ATO package, to include the SSP.
Ability to work independently and within given timelines.
Professional Certification(s):
Security+
Formal Education:
HS Diploma
Years of Professional Experience:
Minimum 3-5
Desired Skills & Experience
BS in Computer Science, Information Technology, or related field
CISSP, CGRC (formerly CAP), CISM
Required Technical/Business Tools Experience
CSAM GRC Tool
DHS A&A experience
Hooilina is a Native Hawaiian-owned, 8(a) company committed to fostering a diverse, equitable, and inclusive workplace. We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected characteristic. We strongly encourage individuals from Native Hawaiian and other underrepresented communities to apply. We value diversity and the unique perspectives it brings and are dedicated to creating opportunities that promote the success of Native Hawaiian communities and beyond.