Lead Information System Security Officer

Reston, Virginia, United States

Applications have closed

Avint LLC is seeking a Lead Information System Security Officer who has experience providing support in a dynamic, fast-paced environment within the public sector. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market. The Lead Information System Security Officer will contribute to the growth of the company by leading a team to effectively manage policy and overall programmatic risk.

Position Responsibilities:

  • Leveraging Governance, Risk, and Compliance (GRC) tools (such as CSAM or Converge ServiceNow) to develop and maintain system-related documentation as it relates to the Risk Management Framework (RMF) lifecycle process, including SSP, ATO, ATU or Continuous Monitoring (ConMon) preparation and management
  • Reviewing and making appropriate recommendations on the changes to agency systems to ensure risks are not introduced
  • Ensuring risks and Plan of Actions and Milestones (POA&Ms) are being documented and monitored until remediation or closure
  • Accessing FedRAMP packages for cloud systems and reporting the security posture to the ISSM
  • Obtaining risk acceptance and waivers as needed
  • Assist and evaluate security system impacts with all Change Requests
  • Ensure that agency security requirements are implemented and documented
  • Ensure policies, procedures, and standard operating procedures (SOPs) are documented for cybersecurity tasks and processes
  • Facilitate the agency Risk Management Framework process and assist with implementation and maintenance of Governance, Risk Management and Compliance (GRC) tools
  • Assist the System Owner and Business Owner with categorizing the information system and selecting and tailoring appropriate security controls as part of the information system security control baseline
  • Coordinate with system stakeholders (e.g., technical operations teams, privacy teams, external service provider stakeholders) to gather information from the information system, document system information, resolve issues and improve its security
  • Complete Security Impact Analysis (SIA) for new solutions and products if applicable to ensure minimum risks are introduced to the agency environment
  • Ensure the preparation and updating of the System Security Plan (SSP) and all other applicable documents for the information system (e.g., Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Digital Identity Risk Assessment, Contingency Plan, Plan of Actions and Milestones (POA&Ms))
  • Ensuring the information system adheres to conditions of the Authorization
  • Identify, track, and continually monitor agency system interconnections and develop and maintain appropriate agreements
  • Notify ISSM when changes occur that might affect the authorization determination of the information system. Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and System Owner prior to the change
  • Attend and participate in meetings about the system (e.g., Change Control Board meeting)
  • Continually monitor the security posture of Information Systems using the agency’s ongoing authorization program consisting of automated continuous control assessment testing (e.g., OSCAL), manual control testing, NIST Cybersecurity Framework based monitoring, penetration testing results and monitoring POA&M progress
  • Participate in various security projects (e.g., CDM Dashboard, HVA Assessment Validated Architecture Design Review, CSF Based Assessment)
  • Develop a system Continuous Monitoring (ConMon) Plan
  • Develop an Ongoing Authorization Plan
  • Implement and monitor per the Ongoing Authorization Plan
  • Continuously monitor system events and alerts (e.g., system events, account management events, successful and unsuccessful account login events, object access and policy change, indications of inappropriate or anomalous activity).
  • Continuously monitor system inventory and system changes (e.g., new components, new software)
  • Provide support in the incident response process
  • Work proactively with government and other contractor staff to ensure that all areas of non-compliance and risks are documented in a well-formed Plan of Action and Milestones (POA&M) and managed to a timely and satisfactory completion
  • Rank and prioritize risks to the agency in relation to vulnerabilities and threats
  • Continually monitor system changes and make updates to the A&A documentation

Requirements

Technical Areas of Expertise:

  • Experience managing, coaching, and motivating diverse resources
  • Experience developing and maintaining catalog of Agile-based work product backlog
  • Experience producing accurate status reports (weekly/monthly) with a focus on quality
  • Experience communicating plan development and implementation strategies
  • Experience with quality control/assurance 
  • Understanding of MS Project to effectively maintain a programmatic level Integrated Master Schedule
  • Understanding of how Executive Orders, OMB Memorandums and CISA Binding Operational Directives correlate and impact Department policies, procedures, standards, and operational requirements

Qualifications:

  • Minimum of 10 years of relevant experience
  • BS in Computer Science, Information Systems or related discipline from an accredited college or university required
  • Certification in information technology security (e.g., CISSP or CISSM)
  • Previous experience with successfully managing a Cybersecurity Risk program in a federal agency or other comparable organization
  • Ability to obtain federal agency required clearance
  • Strong verbal and written communication skills to help foster stakeholder engagement and build trust across customer organization
  • Leadership skills that promote collaboration and empower the team to be their best
  • Understanding of Agile practices and concepts
  • Comfortable prioritizing and delegating tasks across the team
  • Working knowledge and understanding of cyber security principles and practices
  • Ability to effectively lead and moderate varying types of meetings
  • Member of the Avint Leadership Team
  • Serves as Career Manager responsible for performance management and professional development of lower levels
  • Contribute to developing Avint performance and quality standards and expectations
  • Responsible for leading one or more corporate initiatives
  • Proactively leads multi-disciplinary teams to execute complex tasks to produce innovative results of exceptional quality
  • Ability to leverage the full skills and expertise of the team to accomplish results efficiently and effectively
  • Demonstrates ability to quickly command working knowledge of any functional area of responsibility
  • Demonstrates exceptional communication skills, oral and written
  • Leads multi-disciplinary working sessions to solicit highly complex ideas and develop innovative solutions
  • Promotes collaboration across functional teams
  • Develops and presents highly professional presentations, complex ideas, solutions and innovations to current and prospective clients, partners, and Executive Leadership
  • Proactively sells Avint's brand and core service offerings
  • Always exemplifies Avint's core values
  • Proactively drives business growth within a specific market segment

Benefits

Joining Avint is a win-win proposition! You will feel the personal touch of a small business and receive BIG business benefits, including competitive salaries, full health, and generous PTO and Federal Holidays. Additionally, we encourage every Avint employee to further their professional development. To assist you in achieving your goals, we offer reimbursement for courses, exams, and tuition. Interested in a class, conference, program, or degree? Avint will invest in YOU and your professional development!

Avint is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity and Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class.
