Information Systems Security Officer (ISSO)

Job Description

Become part of the XLA team supporting a local Government entity, located in the Washington, DC metro area. XLA is looking for an Information Systems Security Officer (ISSO). The Information Systems Security Officer will perform security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. These assessments include evaluating technological, operational, and process controls in order to evaluate the design and implementation of security controls. The individual will be responsible for risk and compliance management and reporting to include risk assessments, System Security Plans, Security Assessment Reports, Vulnerability Assessment Reports, POA&M management, ISO 27001 requirements, NIST 800 Series Special Publications, Federal Information Processing Standards (FIPS), FedRAMP Authorizations, and other regulatory compliance requirements. The individual will be responsible for assisting in federal audit that may occur during their employment.

Principle Duties and Responsibilities

• Using the NIST Risk Management Framework (RMF) to conduct assessments of Information security controls in order to measure the effectiveness of controls and identify control gaps
• Ensure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
• Preparing Security Authorization Packages and including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations and Security Authorizations memorandums
• Identify, assess, and prioritize identified risks
• Collect evidence, artifacts, and document findings to support conclusions
• Report on compliance with internal policies, controls, and standards Provide recommendations for remediation of identified deficiencies
• Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure)
• Coordinate third-party risk assessments and IT audits
• Manage remediation efforts and report on the status of control deficiencies
• Support security initiatives and global policy adherence and awareness efforts
• Support global information security metrics and reporting program(s)
• Provide security expertise to business units and key stakeholders
• Enforce policy adherence and manage formal policy exception requests
• Provide timely status updates/reporting on assessments and assigned project

Required Skills, Knowledge and Experience

• BS/BA in Computer Science, Information Systems, Software Engineering or other related analytical, scientific or technical discipline
• Five (5) years of experience in IT security, including SA&A and/or IT security risk analysis, preferably in support of the Federal Government.
• Knowledge of Federal Government SA&A practices and policies, particularly FISMA and NIST Special Publications 800 series.
• Industry recognized and accepted certifications relating to IT security preferred (CISSP, GIAC, CEH, TNCP, Security+, Network+ etc.).
• Ability to work independently and also collaborating with application developers, engineers and others.
• Must be motivated and results oriented.
• Effective written and oral communication skills.
• Previous Federal Government experience a plus.
• Experience using Xacta or CSAM

Security Clearance:  Top Secret clearance is desirable, but not required.

Schedule:  Hybrid- Tuesday/Thursday will be onsite in College Park, MD

EEO Statement

Americans with Disabilities Act (ADA): XLA is committed to the full inclusion of all qualified individuals. As part of this commitment, XLA will ensure that persons with disabilities are provided reasonable accommodations in the hiring process. We encourage qualified individuals with disabilities to apply. If a reasonable accommodation is needed to participate in the job application or interview process or to perform essential job functions, please contact our HR team by phone at 703-584-8317 or via email at humanresources@xla.com.  For persons who are deaf, hard of hearing, deafblind, or deaf-disabled, XLA will provide an American Sign Language (ASL) interpreter where needed as a reasonable accommodation for the hiring processes.