Logo
REVEILLE GROUP LLC

Information System Security Officer (ISSO)

REVEILLE GROUP LLC, Washington, District of Columbia 20036


Come join our team Reveille provides a full benefits package include medical/dental/vision, FSA, paid time off, commuting reimbursement, 401K / matching, Wellness subsidies, LTD/STD/AD&D insurance, and salary incentive (bonus) compensation. We're a team of strategically-minded consultants who focus on prioritizing a work-life balance. Reveille Group is a strategic advisory consulting firm with offices in Washington, DC. We are focused on providing our diverse clients with innovative solutions including technical analysis and development. We are looking to bring on an integral team member to provide support for an existing project. You will function as an IT PMO Business Analyst of a major system for a federal agency. Role Description The United States Agency for International Development (USAID) supports critical systems. The USAID's Bureau of Management, Office of the Chief Information Officer (M/CIO) seeks advisors to provide expertise and support as Information System Security Officer (ISSO) for various systems. System may be in the Pre-ATO or Post-ATO state during the lifecycle of support. These resources will work directly with the Government Information Technology Operations (ITO) Technical Lead and business owners for various USAID systems/applications. The ISSO will develop, implement, and maintain security policies, procedures, and standards to protect the organization's informationassets from unauthorized access, use, disclosure, disruption, modification, or destruction in accordance with USAID policy and National Institute of Standards and Technology (NIST) guidance and standards. Key responsibilities include: Perform Continuous Monitoring activities in accordance with the USAID and NIST Continuous Monitoring requirements. Support includes creation of new documents and update of existing documents mentioned in the Documents section. Support the system owner and/or project team in incorporating the applicable system security and privacy requirements to include, but not limited to, defining and documenting system specific requirements and making recommendations for technical, operational, or administrative implementations. Collaborate with the system owner, project team and the Information Assurance (IA) Division to ensure that system security requirements are identified, documented, constructed and validated throughout the project life cycle. Coordinate with the system owner and project team to identify, document, and mitigate (resolve) system security issues found during iterative testing cycles, audits or continuous monitoring activities. Coordinate with the system owner and project team to establish and document processes for audit log management/review, account management, separation of duties and configuration management and to complete all documents defined in the Documents section below. Serve as a key point-of-contact between the IA Division and the project team and/or system owner before, during and after audit and assessment activities. Coordinate with IA representatives to obtain current templates needed to generate required artifacts. Perform security assessment to facilitate the Authorization to Operate or ATO. Develop system security assessment and authorization documentation, coordinate review ofthose artifacts by the project team, system owner, and IA Division; and work closely with the project manager and/or system owner to ensure timely approval of those artifacts by the approving personnel. The ISSO duties and responsibilities include, but may not be limited to: 1) Ensuring that security requirements for the major application or general support system are being or will be met. 2) Ensuring that requests for Security Assessments and Authorizations (SA&A) of computer systems are completed in accordance with the published procedures. 3) Providing appropriate level of support for SA&A activities. 4) Supporting continuous monitoring testing and other activities. 5) Assist in the management of the plan of actions and milestones (POA&M). 6) Maintaining an inventory of hardware and software required for the system. 7) Coordinating the development of a Contingency Plan and ensuring that the plan is tested annually and maintained. 8) Ensuring risk analyses are completed to determine cost-effective and essential safeguards. 9) Ensuring preparation and update of security plans for information systems; major applications and networks as assigned. 10) Attending or completing required security awareness and role-based training and distributing security awareness information to the system user community as appropriate. Assist the IA Division with tracking and reporting training completion. 11) Reporting IT security incidents (including computer viruses not contained by antivirus software) in accordance with established procedures. 12) Reporting security incidents not involving IT resources to the appropriate security office. 13) Providing input to appropriate IT security personnel for preparation of reports to internal and external authorities. 14) Facilitating signatures on memorandums of agreement, interconnection security agreements or other documents as applicable. 15) Ensuring that user accounts are managed according to USAID ADS 545 and the ISSO Handbook. 16) Ensuring that audit logs are reviewed and appropriate actions are taken if there is any evidence or suspicion of inappropriate or unauthorized activity in accordance with the ADS 545 and the ISSO Handbook. Qualifications Expertise or familiarity with the following Security Policies, Regulations and/or Frameworks: Federal Information Security Modernization Act (FISMA) Privacy Act of 1974 NIST 800 Special Publication Series (i.e., 800-53r4, 800-53Ar4, 800-37r1, etc.) Federal Risk Authorization and Management Program (FedRAMP) NIST Cybersecurity Framework OMB Circular A-130 USAID ADS 545, Information Systems Security Required Skills and Experience Be experienced in performing system analysis, system audits, system monitoring, security control assessment/testing (or security test & evaluation), risk management, incident response. Have working knowledge of various hardware platforms and software applications Must be able to work independently and demonstrate strong initiative and an ability to organize daily tasks with minimal supervision. Possess strong communication skills (oral and written) as well as the ability to interact well with team members and various levels of management. Experience with the Risk Management Framework (RMF) process and Agile System Development Life Cycle Be committed to results and success in accomplishing goals, as well as a fast learner with demonstrated ability to understand unique system requirements and adapt to change. Proficient with all Microsoft Suite and Google Suite tools Ability to align detailed tasks with the big picture. Strong oral and written communication skills with the ability to tailor your messaging to technical and non-technical audiences. Proficient to handle multi-tasking and ability to prioritize (teams) tasks independently based on Organizations priorities. Ability to manage various stakeholders (technical and non-technical) and collaborate with others to achieve common goals. US Citizenship with eligibility for a security clearance - Secret active clearance preferred. Note: this position is based out of Washington, DC. The role allows for telework/remote work. However, meetings may arise that require onsite attendance in Washington, DC. You may not live outside the contiguous United States. Preferred Skills and Experience Advanced written and verbal communication skills. Active security clearance, Secret level or higher.