Information System Security Officer (ISSO)

Responsibilities:Conduct initial Security Assessment and obtain ATO, in line with NIST SP 800-37 Rev. 2Maintain the Security Authorization or Authorization to Operate (ATO) of assigned system(s)Continuously update all Security Authorization documentation to maintain assigned systems ATO or system go live datesSelect the baseline security controls for the IT system, using Archer, and tailor where appropriateDocument all relevant NIST 800-53 Security Controls for assigned IT systemsPerform and document initial and annual risk assessments of all systemsDevelop and document all supporting Security A&A artifacts (PIA, SP, ITCP, BIA, CMP, MOU, ISA)Assist in the development of the Security Assessment Plan (SAP)Develop Security Assessment Reports (SAR)Produce Security Authorization package for Authorizing Official (AO) signature including Authorization to Operate (ATO)Track the deployment of software to the environment that is not part of the base imageGenerate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for assigned IT SystemsThe Need-to-Have Skills & Qualifications:Working knowledge and experience with CSAM and RMFDHS experienceExperience working with system stakeholders to assess and manage system cybersecurity riskKnowledge of the process to obtain a system ATO and requirements to maintain the ATOAbility to synthesize complex IT system information and communicate system status and requirements in written products and verbal presentationsAbility to write clear, concise and effective security control implementation statementsFamiliarity with configuration settings and vulnerability management analysis of infrastructure devices.Ability to draft a complete ATO package, to include the SSP.Ability to work independently and within given timelines.

#J-18808-Ljbffr