LTS Inc.

Information System Security Officer (ISSO) TS clearance

LTS Inc., Washington, District of Columbia, US, 20022


Location: Washington, DC

Employment Duration: Full time

Job Code: 2783

LTS is seeking an experienced Information System Security Officer (ISSO) to proactively review, update, and maintain cybersecurity policy, guidance documents, directives, templates, and materials to ensure all documentation reflects and incorporates the most recent version of all cybersecurity program documentation. The ISSO will be responsible for providing cybersecurity and privacy requirements and guidance for National Security Systems (NSS). The ideal candidate will have extensive experience in system security assessments, developing and implementing security policies, and leading authorization processes for NSS(s).

This Program within the Department of Commerce is designed to manage and reduce the cybersecurity risks of its customers and to ensure the convergence of IT security and business objectives by integrating cybersecurity into system development lifecycles and complying with the Federal Government's Risk Management Framework (RMF). The work will be performed on-site at the DOC located at 1401 Constitution Ave, NW.

*Contingent offer upon contract award*

Responsibilities:

- Provide cybersecurity subject matter expertise to NSS(s).
- Ensure compliance with FISMA, NIST, and other federal cyber security requirements.
- Lead the development and execution of Security Assessment and Authorization (SA&A) activities, ensuring compliance with NIST 800-37 and other relevant frameworks.
- Develop, edit, format, and modify cybersecurity documentation, including policies, standards, procedures, and manuals, ensuring consistency.
- Conduct a gap analysis of existing cybersecurity policies, handbooks, standards, and procedures, recommending improvements or updates.
- Perform monthly inventory reviews and update the plan and schedule accordingly.
- Deliver Authority to Operate (ATO) packages to the CISO/ITSO and CIO as required.
- Conduct IT Checklist Risk Assessments for acquisition checklists, integrating them into the overall risk management framework.
- Provide subject matter expertise in the Information Security Assessment and Authorization (A&A) program, specifically ISSO support for National Security Systems.
- Offer guidance and technical expertise on A&A standards, policies, and procedures.
- Create, review, and update Privacy Threshold Analysis (PTA) and Privacy Impact Assessments (PIA) with recommendations based on analysis.
- Review and provide recommendations for Third-Party Application security as required.
- Provide feedback and recommendations on security requirements.
- Ensure accuracy and completeness of system artifacts in support of ATO requests.
- Upload assessment and audit reports to eMASS.
- Assist in updating and remediating Plan of Action and Milestones (POA&M) items and reviewing closure requests for completeness.
- Support continuous monitoring and maintain accurate System Security Plans.
- Provide technical and security support for A&A of Information Systems.
- Develop and provide feedback on security requirements, including SSPs, RAs, contingency plans, and POA&M reports.
- Ensure system compliance with FISMA, FIPS 199, and NIST 800-53 standards.
- Conduct security testing and vulnerability scans utilizing Tenable SC, providing limited scanning analysis for inclusion in system boundaries.
- Create, review, and update change management, contingency, and incident response plans as required.
- Provide subject matter expertise in eMASS, reviewing assessments, managing POA&Ms, and ensuring eMASS compliance.
- Manage eMASS user accounts and provide training to users.
- Collaborate with ISSOs and stakeholders to update data in eMASS and generate compliance reports.
- Manage GRC SharePoint folders, ensuring proper organization, access controls, and the archiving of outdated documents.

Requirements:

- Bachelor’s degree in Cyber Security, Information Technology, Computer Science, or a related field or three (3) years Information Technology experience; minimum 1 year ISSO experience.
- Minimum of three (3) years of experience with Governance, Risk Management and Compliance (GRC) Tool, eMASS.
- Minimum of five (5) years of conducting security assessment and authorization.
- Certification: CISSP or CISM.
- In-depth knowledge of FISMA, NIST 800-53, NIST 800-37, RMF (Risk Management Framework), Committee on National Security Systems (CNSS) and other relevant federal security standards.
- Proven experience leading SA&A processes and obtaining ATO for federal systems.
- Strong analytical, problem-solving, and communication skills.
- Ability to work independently and as part of a team in a fast-paced, dynamic environment.

Desired Skills:

- Experience working within the U.S. Department of Commerce or similar federal agencies.
- Familiarity with cloud security frameworks and federal cloud security requirements (e.g., FedRAMP).
- Experience with security tools such as Tenable Nessus, SCAP, or similar.

LTS is committed to offering eligible employees comprehensive benefits that will provide them with options intended to meet their needs and the needs of their family.

LTS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
