Cybersecurity SME III (ISCM Lead)

Summary of Position

SiloSmashers is looking for an Information Systems Security Officer (ISSO) to contribute to an exciting new opportunity. The ISSO will lead a team of 8-10 ISSOs ensuring compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. This includes evaluating technological, operational, and process controls to evaluate the design and implementation of security controls. The individual will be responsible for supporting risk, compliance management and reporting to include risk assessments, System Security Plans, Security Assessment Reports, Vulnerability Assessment Reports, POA&M management, ISO 27001 requirements, NIST 800 Series Special Publications, Federal Information Processing Standards (FIPS), FedRAMP Authorizations, and other regulatory compliance requirements. The individual will be responsible for assisting in federal audits that may occur during their employment.

Principle Duties and Responsibilities

• - Must have 10+ years' experience implementing Risk Management Framework in the federal government.

• - Proven ability to lead a team while supporting information system(s) within an ISSO role as required

• - Extensive experience working with various security methodologies and processes, compliance controls related to cloud security, performing assessments in cloud computing environment

• - Extensive experience providing analysis and trending of vulnerability data

• - Using the NIST Risk Management Framework (RMF) of Information security controls to measure the effectiveness of controls and identify control gaps.

• - Ensure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies.

• - Preparing Security Authorization Packages and including documentation and Security Authorizations memorandums.

• - Identify, assess, and prioritize identified risks.

• - Collect evidence, artifacts, and document findings to support conclusions.

• - Report on compliance with internal policies, controls, and standards Provide recommendations for remediation of identified deficiencies.

• - Communicate regularly with stakeholders to provide updates on project status and address any issues or concerns.

• - Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure).

• - Coordinate third-party risk assessments and IT audits.

• - Manage remediation efforts and report on the status of control deficiencies.

• - Support security initiatives and global policy adherence and awareness efforts.

• - Provide security expertise to business units and key stakeholders.

• - Enforce policy adherence and manage formal policy exception requests.

• - Provide timely status updates/reporting on assessments and assigned projects.

Required Skills, Knowledge and Experience

• - BS/BA in Computer Science, Information Systems, Software Engineering or other related analytical, scientific or technical discipline.

• - CISSP or CGRC (previously Certified Authorization Professional) Certifications highly preferred.

• - 10+ years of experience in IT security, including SA&A and/or IT security risk analysis, preferably in support of the Federal Government.

• - Knowledge of Federal Government SA&A practices and policies, particularly FISMA, RMF and NIST Special Publications 800 series.

• - 5+ years of experience with FedRamp systems (Azure, AWS, GCP)

• - Familiarity with Cyber Executive Order 14028 and supporting guidance.

• - Ability to work independently and collaborate with application developers, engineers and others.

• - Must be motivated and results oriented.

• - Effective written and oral communication skills.

• - Previous Federal Government experience is a plus.

• - Experience with a GRC Tool (CSAM) is highly desirable.

Security Clearance

• Minimum Secret with ability to receive an active TS/SCI

Work Location

• 100% remote with occasional on-site visits as needed