Information Security Officer

Geography: Full time remote position (national search)
Reports to: CTO
Supervises: None

Key Job Duties
• Develop a variety of Security Authorization deliverables including System Security Plan, Security Assessment Reports, Risk Assessment Reports, Privacy Impact Assessments, Annual Assessments, Contingency Plans, FIPS 199 Security Categorizations, etc.
• Create Security Authorization packages and perform Annual Continuous Monitoring assessments and re-authorizations to include vulnerability scanning, interviews, and system testing.
• Work alongside a variety of stakeholders, including System Owners, implementation engineers, and the organizational security team to develop deliverables and recommend security solutions.
• Support the analysis and review of the information security of systems to ensure compliance with Federal security policies.
• Analyze existing processes and procedures to determine areas of possible improvement that will lead to gains in efficiency and security.
• Provide guidance on security threats, technology, standards, and practices.
• Develop and review organizational security policies and procedures.
• Prepare and analyze test results to develop into a Plan of Action and Milestones (POAM).
• Maintain and update POAM for security posture reporting.
• Work with 3PAO for annual assessment of security framework.
• Review and update policies and procedures on a continuous basis.
• Develop and implement an incident response reporting and response system.
• Serve as primary contact for information security incidents.
• Experience with vulnerability scanners like Nessus and Acunetix.
• Conduct information assurance compliance testing using automated tools and manual tests.
• Compile and correlate compliance scanning and testing results for weekly and monthly reporting, working with engineering staff to ensure that identified vulnerabilities are addressed.
• Understanding of PKI using internal Root Certificate Authority.
• Serve as a knowledgeable resource within the SIEM technology area.

Minimum Qualifications (regard as necessary requirements unless specified as "preferred" or "highly desirable")
• Must be Must be able to obtain security clearance
• Bachelor's degree required, preferably in information security related field. Information technology degree will also be considered.
• 4+ years of experience in Information Assurance (IA), Information Security (InfoSec)
• 3+ years of experience auditing or managing information systems under Federal Information Security Management Act (FISMA) requirements
• Working knowledge of system and network security engineering best practices, operating systems and application auditing
• Thorough understanding of the National Institute of Standards and Technology (NIST) 800-53 v3, risk management framework and related industry best practices
• Experience with FedRAMP is preferred
• Must have experience and be capable of independently developing Security Authorization deliverables
• Broad background in information assurance (IA) activities required to facilitate and coordinate IA activities for a project to obtain an Authorization to Operate (ATO).
• Certified Information Systems Security Professional (CISSP) certification required
• Security Certifications preferred: Global Information Assurance Certification (GIAC), Certified Information Systems Auditors (CISA), Certified Information Security Manager (CISM)
• Strong written and verbal communication skills as well as a dynamic, creative personality.
• Must be a customer service-oriented team player eager to assist colleagues and handle changing priorities and multiple tasks.
• Must be energetic and possess interpersonal skills.
• Ability to convey a strong presence and professional image.