Information Systems Security Officer
We are currently searching for an Information Systems Security Officer to provide support to the National Institutes of Health (NIH). This opportunity is a full-time position with MSC, and it is on-site in Bethesda, MD.
Duties & Responsibilities
The Information Systems Security Officer (ISSO) will play a central role in the software project scrum teams to maintain the operational security posture to ensure information systems (IS) security policies, standards, and procedures are established and followed. The ISSO will support the efforts to obtain systems approval and Authority to Operate (ATO) for new, innovative systems that will be entirely new to the procuring government agencies including developing the security assessment package preparation as required by the NIST security framework and other federal mandates as appropriate. In addition, the ISSO will need to provide guidance on software design analysis as it relates to security risk mitigation for both on-prem and cloud software (DevSecOps).
- Cyber security paperwork (compliance) and Information Assurance (IA) controls
- Accreditation & Requirements
- Review current security policies and propose new security policies
- Perform IT systems vulnerability/risk assessment analysis to support Assessment & Authorization (A&A). Collaborate with team members and the PM on requirements analysis, design, configuration, change and risk management, documentation, and planning related to IT security. Ensure appropriate controls are maintained, commensurate with the sensitivity and criticality of particular systems.
- Utilize one or more Risk Management Framework implementation methods, including NIST SP 800-53 and NIST SP 800-171, and ensure compliance with legislation, Executive Orders, OMB, HHS, and NIH directives, and other mandated requirements (e.g., FISMA).
- Assist in preparing and reviewing documentation, including System Security Plans (SSPs), Risk Assessment Reports (RAR), the Security Controls Traceability Matrix (SCTM), and other Assessment & Authorization (A&A) artifacts.
- Assist in researching and addressing information security issues as required; develop and maintain the Plan of Action and Milestones (POA&M) and support remediation activities.
- Review and update SSPs as needed. Evaluate proposed changes to a system to ensure the change does not impact the system's security.
- Provide continuous monitoring, check POA&M status, and perform technical inspections to enforce security policies, controls, and procedures, and prepare the security packages for the ATO process. Evaluate preventative controls during annual assessments to ensure that controls designed to deter, detect, and reduce impacts to systems are operating effectively and as intended. Discuss contingency strategies (i.e., backup and recovery, backup methods, equipment replacement) with key stakeholders. Assist in mitigating security incidents when they occur.
- Create processes and reports that provide oversight of continuous monitoring and assessment activities for the system owner, Government ISSM, and program management.
- Conduct reviews of system account management and audit logs, and record and report the results.
- Provide direction and guidance to other employees on computer security issues via security education and awareness.
- Provide Information Systems Security briefings to different audiences as appropriate.
- Support vulnerability/risk assessment analysis efforts in support of Assessment & Authorization (A&A).
- Twelve (12+) years relevant work experience and a Bachelor’s degree in a relevant field
- Five (5) years of ISSO experience, at least 2 of which were obtained in a federal agency
- Proven expertise in assessing security risks, presenting security topics to people outside of security, analyzing software and system design to identify security vulnerabilities, and policy development. Experience with health-field-related enterprise technology applications is essential.
- Strong technical knowledge of security system functions, security policies, technical security safeguards, and operational security measures, including government security requirements under NISPOM and ICD 503.
- Must meet 8570 IAT II requirements to include one of the following certifications: CCNA Security, GSEC, Security+ CE, SSCP, CASP CE, CCNP Security, CISA, CISSP.
- Information Assurance experience including evaluating, testing, certifying and accrediting of classified and sensitive but unclassified information systems as well as Commercial Off The Shelf (COTS) and Government Off The Shelf (GOTS) products
- Have technical knowledge of security system controls, policies, technical security safeguards, and operational security measures to include various government security requirements and working knowledge of NISPOM, NIST, and ICD 503.
- Knowledge of the latest developments in Information Systems Security strategies and familiarity with the service's Information System Security policies.
- Three (3+) years of experience preparing and maintaining enterprise security documentation related to System Security Plans, Risk Assessments, Security Control Assessments, Privacy Impact Assessments, and ATO packages.
- Experience with various SOC automation tools such as Splunk, Archer etc.
- Knowledge of vulnerability assessment and penetration testing tools.
- Proven ability to work effectively both independently and in a team setting.
Dovel Technologies and its Family of Companies (Medical Science & Computing and Ace Info Solutions) was acquired in October 2021.
Guidehouse is a leading global provider of consulting services to the public sector and commercial markets, with broad capabilities in management, technology, and risk consulting. By combining our public and private sector expertise, we help clients address their most complex challenges and navigate significant regulatory pressures focusing on transformational change, business resiliency, and technology-driven innovation. Across a range of advisory, consulting, outsourcing, and digital services, we create scalable, innovative solutions that help our clients outwit complexity and position them for future growth and success. The company has more than 12,000 professionals in over 50 locations globally. Guidehouse is a Veritas Capital portfolio company, led by seasoned professionals with proven and diverse expertise in traditional and emerging technologies, markets, and agenda-setting issues driving national and global economies.
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.
Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance, including the Fair Chance Ordinance of Los Angeles and San Francisco.
If you have visited our website for information about employment opportunities or to apply for a position, and you require accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.
Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse, and Guidehouse will not be obligated to pay a placement fee.