Information System Security Officer (ISSO) - Government Publishing Office (GPO)

Description

The U.S. Government Publishing Office (GPO) is the Federal Government’s Legislative Agency, serving as the official, digital, and secure resource for producing, procuring, cataloging, indexing, authenticating, disseminating, and preserving the official information products of the U.S. Government.

**Division Overview:**
GPO Information Technology Security (IT Security) is responsible for providing comprehensive information security support to the agency. The division focuses on developing, interpreting, and maintaining IT security controls, coordinating incident response, and aligning with the principles of Zero Trust Architecture (ZTA).

**Position Summary:**
The Information Systems Security Officer (ISSO) will oversee the security of GPO’s IT systems and applications, ensuring the integrity, confidentiality, and availability of federal information dissemination systems. This role involves collaboration across various security operations and architectures, playing a key part in the implementation of GPO’s IT Security program.

**Key Responsibilities:**

1. **IT Security Development:**
   - Develop tools for Technical Reference Model (TRM) and IT operations (ITOPS), including support for Risk Management Framework (RMF).
   - Conduct research and produce test plans for security measures.

2. **IT Security Operations:**
   - Maintain and support TRM and ITOPS technologies in both production and test environments.
   - Manage inventory, Standard Operating Procedure (SOP) documentation, and RMF compliance.

3. **Zero Trust Architecture (ZTA) Operations:**
   - Implement and manage tools including Microsoft Defender for Endpoint, Sentinel, and SIEM.
   - Conduct RMF assessments and ensure adherence to Zero Trust principles.

4. **Continuity of Operations (COOP) Support:**
   - Provide cybersecurity support during COOP events and exercises, facilitating smooth transitions to alternate sites as needed.

5. **Documentation & Project Leadership:**
   - Produce and update security artifacts, including security control tests, asset inventories, network topology diagrams, and patch/update schedules.
   - Collaborate with GPO IT Security Division Chief, Project Managers, and ISSM to ensure compliance and document storage within GRC applications.

**Knowledge, Skills, and Abilities:**
- Strong understanding of IT security frameworks, tools, and technologies.
- Proficiency with security software: Microsoft Defender, Trellix, RSA, Azure, and others mentioned.
- Experience with Security Operations Center (SOC) and SIEM management.
- Familiarity with cloud environments and various operating systems (Windows, Linux).
- Excellent documentation and communication skills.

Requirements

- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Relevant certifications (CISSP, CISM, etc.) preferred.
- Proven experience in cybersecurity roles, particularly in federal or government environments.