T-Rex Corporation

Information Systems Security Officer

T-Rex Corporation, Greenbelt, Maryland, US, 20771


**Information Systems Security Officer** at T-Rex Solutions, Remote

T-Rex is looking for an Information Systems Security Officer to join our team of Cyber Security specialists supporting the General Services Administration (GSA) FAS Cloud Services Support program. The successful candidate will support and lead Risk Management Framework (RMF) activities, including the process for managing security and privacy risk; information system categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring in order to achieve and maintain Authorization to Operate (ATO) for federal information systems.

**Responsibilities:**

* Support all activities as outlined in NIST SP 800-37, Risk Management Framework for Information Systems and Organizations. This includes the process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.
* Initial development and, at least, annual reviews/updates of the System Security Plan (SSP), FIPS 199, e-Authentication, Privacy Threshold Analysis (PTA)/Privacy Impact Analysis (PIA), Contingency Plan (CP), Contingency Plan Test (CPT), Interconnection Security Agreements (ISAs), Memorandums of Agreement/Understanding (MOA/Us), and any other FISMA-related security documentation.
* Support all assessment activities by responding to interview questions as well as working with the system teams to gather appropriate evidence as directed by the Security Control Assessment (SCA) team.
* Review all change requests for potential impact to the system security posture.
* Conduct audit log and account management reviews and update the Control Allocation Table and Trigger Accountability Log.
* Review scan results for the system assets, identify the respective remediations for misconfigurations and weaknesses, and work with the system team to ensure timely implementation of fixes.
* Work with the Security Operations Center (SOC) and system teams to investigate and analyze any incidents affecting assigned system(s).
* Create and update Plans of Action and Milestones (POA&Ms) to detail the resources and strategies required to accomplish the remediation of identified findings/vulnerabilities.
* Work on high-priority ad hoc requests such as data calls, Senior Management Initiatives (CIO, CISO, etc.), client mandates, etc.
* Prepare documentation and materials to support the operations of FedRAMP compliance requirements throughout the organization.
* Develop briefings and presentations for Government PM and Executive Management.
* Support all Security Authorization Processes, Security Control Assessments and Ongoing Authorization activities as required and as directed by the Federal Government.
* Provide technical security solutions and control implementation recommendations to the Agile Development teams based on industry best practice and Federal requirements.

**Requirements:**

* Bachelor's degree and 10+ years of experience with information assurance or cybersecurity or computer science in a professional work environment. 6 years of additional work experience may substitute for a Bachelor's degree.
* Hold at least one of the following: Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), Certified Information Security Manager (CISM) or GIAC Security Leadership Certification (GSLC).
* A deep understanding of Security Regulations, such as the NIST Publications and OMB Security related documents. This includes NIST 800-30 Rev. 1, NIST 800-34 Rev. 1, NIST 800-37 Rev. 1, NIST 800-47, FIPS PUB 199, 200, 140-2, Federal Information Security Management Act (FISMA) and Federal Risk and Authorization Management Program (FedRAMP) requirements.
* Experience with supporting assessment and authorization of cloud environments and cloud-hosted applications based on FedRAMP controls.
* Experience with gathering artifacts as evidence of security control compliance.
* Experience with the risk management framework steps.
* Experience with ATO processes.
* Experience with POA&M Management.
* Experience reviewing all change requests for potential impact to the system security posture.

**Desired Skills:**

* Strong leadership and analytical skills.
* Conduct Risk Analysis on vendors, cloud service providers, etc. as necessary to identify flaws, threats, and risks in emerging IT projects, and develop technical in-depth engineering solutions to address and mitigate these risks.
* Ability to adapt to an agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government.
* Provide, prepare, and conduct security training, as needed.
* Research and build knowledge about products, services, technology, or concepts.
* Cloud certification such as AWS, MS Azure and/or Google.
* Experience supporting security assessments for cloud information systems with different services: Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS).

**T-Rex Overview**

Established in 1999, T-Rex Solutions, LLC is a proven mid-tier business providing data-centric mission services to the Federal government as it increasingly tries to secure and leverage the power of data. We design, integrate, secure, and deploy advanced technical solutions for our customers so they can efficiently fulfill their critical objectives.
T-Rex offers both IT and professional services to numerous Federal agencies and is a leader in providing high quality and innovative solutions in the areas of Cloud and Infrastructure Services, Cyber Security, and Big Data Engineering.

T-Rex is constantly seeking qualified people to join our growing team. We have built a broad client base through our devotion to delivering quality products and customer service, and to do that we need quality individuals. But more than that, we at T-Rex are committed to creating a culture that supports the development of every employee's personal and professional lives. T-Rex has made a commitment to maintain the status of an industry leader in compensation packages and benefits which includes competitive salaries, performance bonuses, training and educational reimbursement, Transamerica 401(k) and Cigna healthcare benefits.

T-Rex is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors.

**U.S. Equal Opportunity Employment Information (Completion is voluntary)**

Individuals seeking employment at T-Rex Solutions are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely **voluntary**. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts