Information Systems Security Officer
Job Description
Company Description
Ashburn Consulting, a small business based in the Washington, DC metropolitan area, specializes in providing network and network security solutions in complex environments to a select set of government and business clients. The company, an established leader in its field, is composed of an elite team of engineers and business consultants, each of whom is recognized, and highly regarded, within the network and security communities.
Job Description
ISSOs are responsible for ensuring and maintaining the security compliance for Agency information systems in accordance with (IAW) NIST, Federal and Agency security policies, directives, mandates, and laws. This requirement is necessary to support Agency cybersecurity initiatives and programs.
The Agency’s Information Technology (IT) provides the administration’s response to meeting the practical and statutory security requirements associated with the use of IT solutions to support Agency data and assets. The Agency ISSO program provides centralized management and leadership of Agency’s ISSOs. Maintaining and enhancing ISSO professional services at an enterprise level is needed to address the increase in cybersecurity threats and unknown events that require additional support, while ensuring assessment readiness and compliance with cybersecurity mandates, to ensure that Agency systems are protected from cybersecurity attacks.
The current Enterprise consists of approximately 115 FISMA information systems, approximately 85 of which have contractor-provided ISSOs. The systems consist of Agency hardware and Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) cloud solutions. The technologies supported include, but are not limited to, Windows and Linux Operating Systems, Cisco Network Services, and various office automation, database, web development and security tools such as SQL Server, Tenable Security Center, McAfee Endpoint Security and Splunk. Cloud solutions include Microsoft Office 365, Microsoft Azure, Salesforce, Amazon Web Services (AWS), ServiceNow, VMware Cloud, McAfee MVISION Cloud, SAP NS2 Cloud and new cloud-based services. All cloud solutions are authorized by the Federal Risk and Authorization Management Program (FedRAMP). The Agency is seeking expertise in these system types and technologies to achieve FISMA compliance for current and future technologies.
ISSOs are responsible for ensuring and maintaining the security compliance for Agency information systems IAW NIST, Federal and Agency security policies, directives, mandates, and laws. The Contractor shall perform work using the RMF processes and methodology and ensure that management, operational, and technical controls for securing either National Security Systems or Sensitive but Unclassified (SBU) level Information Systems are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
All ISSOs shall perform ISSO-specific duties as defined in the Agency’s ISSO Guide and in accordance with FISMA and Agency policy. All ISSOs shall be designated in writing by the CISO designation letter to serve as the cybersecurity expert for assigned system(s). The Contractor shall support Privileged Account Audits and assist with external/internal audits for designated systems, inquiries and data calls; support continuous monitoring through review of audit logs, using software tools (e.g. Splunk) and also manually; ensure all FISMA compliance activities with NIST and RMF quality gates document submissions are completed on time, to support scheduled ATO and Ongoing Authorization (OA) scheduled reviews, in compliance with Agency defined policies and established procedures.
Qualifications
- Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements
- Technical knowledge of complex enterprise IT systems; Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc.
- Experience communicating effectively, both oral and written, with technical, non-technical, and executive-level customers.
- A minimum of 10 years of IT cybersecurity experience including direct support for the US Government and 7 years acting as an ISSO, assessor, or compliance analyst for enterprise IT systems OR a relevant master’s degree in IT, Computer Science, or Engineering and 7 years of IT cybersecurity experience including direct support for the US Government and 5 years acting as an ISSO, assessor, or compliance analyst.
- At least two of the following security certifications: CAP, CISSO, CISM, or CISSP
- Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements.
- Technical knowledge of IT systems
- Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc.
- Experience communicating effectively, both oral and written, with technical, non-technical, and executive-level customers.
Additional Information
Secret Clearance required
Experience in ISSO training/mentoring a plus
Leading ISSO teams and developing improved processes and procedures a plus
Local travel to locations within the DMV (as needed)
Occasional travel to Colorado Springs (not often)
All of your information will be kept confidential according to EEO guidelines. Equal Opportunity Employer/Veterans/Disabled. An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status.
Ashburn Consulting is an Equal Opportunity Affirmative Action Employer.
In compliance with the Americans with Disabilities Act Amendments Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a position with Ashburn Consulting, please e-mail [email protected].
Date Posted
02/28/2024