Everfox

Senior Information Systems Security Officer

Everfox, Herndon, Virginia, United States, 22070


Intelligent. Dynamic. Resilient.

Everfox, formerly Forcepoint Federal, has been defending the world’s most critical data and networks against complex cyber threats for more than 25 years. As trailblazers in defense-grade, high assurance cyber security, we have been developing innovative cyber security technology. We protect data wherever it resides. Our commitment to our customers and the critical missions they serve sets us apart. We are dynamic, vigilant, and proactive in everything we do. Our suite of cross-domain, threat protection and insider risk solutions empower governments and enterprise organizations to use data safely. At Everfox, we innovate, we invest, we achieve. We protect what matters most to our customers.

Title: Information Systems Security Officer (ISSO)

Location: Herndon, VA or DC Area

MUST HAVE DoD CLEARANCE

Description

The Information Systems Security Officer (ISSO) serves as the advisor to the Information System Owner (SO), Business Process Owner, Director of Cybersecurity – Governance, Risk, and Compliance (GRC), and the Chief Information Security Officer (CISO) on all matters involving the security of their designated information system. This position reports to the Director of Cybersecurity – GRC.

This role is technical and analytical in nature and demands a fast learner with technical knowledge and cloud security experience combined with business experience in both on-premises and cloud product vendor environments.

The ideal candidate will be skilled in translating security governance and compliance requirements to various company functional units, helping them understand the need for and approach to comply with information security policies and required security controls. This role requires extensive experience in all 6 steps of the NIST 800-53A Risk Management Framework (RMF) lifecycle.

Duties And Responsibilities

Develop and maintain Assessment & Authorization (A&A) artifacts for their designated environment, including but not limited to: System Security Plan (SSP), Risk Assessment Report (RAR), Information Security Continuous Monitoring (ISCM) Plan, Security Control Traceability Matrix (SCTM), SSP attachments, Security Assessment Report (SAR), Plan of Action & Milestones (POA&M), Ports & Protocols Service Management (PPSM), Policies & Procedures, control testing documentation and evidence.

Oversee and maintain sustainment activities such as: hardware/software change management, account management, media protection, file transfers, vulnerability scanning and remediation, audit log reviews.

Perform continuous monitoring activities IAW NIST 800-53A control requirements, self-inspection, and auditing.

Develop, maintain, and execute effective and compliant NIST 800-53A Rev. 5 policies and procedures.

Review routine DISA Security Technical Implementation Guides (STIGs), provide STIG reporting to senior leaders and relevant stakeholders, and provide guidance on remediation to relevant STIG findings.

Maintain Security Awareness and Training Program for respective staff assigned to their designated environment.

Maintain relationships with cross-functional teams to ensure risks and compliance efforts are properly routed, tracked, and reported.

Provide support to incident response planning, investigation, and resolution for their designated environment.

Prepare and deliver RMF compliance reporting to senior leaders and relevant stakeholders.

Qualifications And Experience

Active DoD Secret clearance required.

Industry recognized certifications are required: Minimum DoD 8570.1M IAM Level II (CISSP, CGRC, CASP+ce, CISM, CCISO, etc.).

Bachelor’s degree preferred or equivalent combination of education, training, and experience.

6+ years of work experience related to the Information Security disciplines, with a minimum of 5 years working in on-premises and cloud product vendor environments.

Experience with NIST 800-171/CMMC, NIST 800-172, NIST 800-53A/FedRAMP, among others, as well as thorough knowledge of NIST Special Publication 800-series.

Proficient in Microsoft Applications (Word, Excel, PowerPoint, Access, Visio).

Strong communication skills for communicating at various levels in the organization.

Experience articulating cybersecurity risk into business terms and presenting to management.

Prior ISSO/ISSM experience preferred.

Must be based in the US.

A reasonable estimate of the base salary range for this role is:

$115,076.47-181,714.00 USD

The actual salary offered may vary within the range based on a candidate's unique experience, locale, and business needs. In addition to a base salary and bonus plans, Everfox offers a generous benefits package including flexible PTO, a 401k match, and contribution to healthcare coverages.

________________________________________________________________

Don’t meet every single qualification? Everfox is focused on building an inclusive and diverse workplace – so if there is something slightly different about your previous experience, but it otherwise aligns and you’re excited about this role, we encourage you to apply. You could be a great candidate for this or other roles on our team.

The policy of Everfox is to provide equal employment opportunities to all applicants and employees without regard to any legally protected status.

If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access the Company’s career webpage as a result of your disability.

Everfox is a Federal Contractor. Certain positions with Everfox require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations.

Applicants must have the right to work in the location to which you have applied.