Marathon TS

Information Systems Security Officer

Marathon TS, McLean, VA, United States


Marathon TS is seeking an Information Systems Security Officer to assist a Top Federal Agency with critical security advisor services, combined with cutting-edge hands-on tool experience. We want a true security person, not just a paper-pushing compliance person. You will be expected to provide deep knowledge, stay abreast of top federal guidance, regulations and best practices, and bring value to the table. Cyber threats are everywhere, and the constantly evolving nature of these threats can make understanding them seem overwhelming to government agencies. We need your knowledge as an information security risk specialist to help break down complex threats into manageable plans of action. As an information security risk officer (ISSO) you will think like an "auditor" and ensure controls are in place and processes balance operational need with risk. You must assist our client with discovering their cyber risks, understanding applicable policies, and developing a mitigation plan and managing. You will drive the overall FISMA and ATO processes for the agency across multiple work areas. This is your opportunity to build experience in a strategic information security role while developing skills in cybersecurity assessments. Work with us as we protect our nation's cyber infrastructure.

Empower change with us.

You Have:

  • 5+ years of experience with security control assessments (Either internal IT Auditor, Federal FedRAMP assessor/3PAO auditor, Test/Evaluation Assessor (Phase 2 FISMA), Control pre-audit expert)
  • 2+ years of experience in a lead role
  • 3+ years of experience with successfully managing project schedules and developing required deliverables using established client templates
  • 3+ years of experience with developing and implementing risk management strategies
  • Knowledge of NIST SP 800 series and testing NIST 800-53 security controls, 800-37
  • Deep understanding of, and ability to convey, internal control requirements from NIST 800-53r5 or COBIT IT Audit control requirements/concepts
  • Experience documenting System Security Plan controls
  • Knowledge and exposure (direct) to FIPS199, IPA, PIA, CMP, CP and E-Auth and ATO processes and documentation
  • Experience with, and proven ability to articulate, the latest OMB, Client CISA mandates, Executive Order mandates, Zero Trust concepts and goals, NIST, FIPS requirements, etc.
  • Ability to present IT security risk to executive management
  • Ability to work independently and as part of a multi-disciplined and dynamic team
  • Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
  • Hands-on experience, ideally/preferred, with Tanium, Qualys Web Application Scanners, VeraCode, ServiceNow, AWS Security and Azure Security
  • Bachelor's degree

Nice If You Have:
  • Experience with assessing security controls in a cloud environment (AWS, Azure)
  • CISSP, CISM, or CISA Certification
  • Big 4 Experience
Vetting:

Applicants selected will be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client. Applicants are required to be a Green Card holder (may be allowed, TBD) or a US citizen (preferred).

Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").