Information Systems Security Officer - ONSITE - Government and Public Sector
EY
- McLean, VA
- Permanent
- Full-time
- Evaluate technical and non-technical security controls to ensure they meet security requirements for processing classified information.
- Own the planning, monitoring, testing, and updating of system security plans for assigned information systems using guidance from NIST SP 800-53, the National Industrial Security Program Operating Manual (NISPOM), Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual (DAAPM), and the Department of Defense Cloud Computing Security Requirements Guide.
- Take ownership of issues discovered during security control and risk assessments by creating and managing plans of action and milestones (POA&M).
- In collaboration with the Facility Security Officer (FSO), implement and continuously monitor DoD procedures for classified document control, visitor control, personnel security, and physical security.
- Direct the security measures necessary to implement applicable security requirements of the NISPOM and related Federal requirements.
- Manage and control changes to the system and assess the security impact of those changes.
- Advise and inform the appropriate System Owner, Authorizing Official, and GPS management about issues or concerns with GPS information systems.
- Investigate and document risks associated with information systems for management review and acceptance.
- Support Authorizing Officials with their risk-based decision process by preparing appropriate system and risk documentation.
- Participate in the management of information security risks at the system and program levels.
- Application security and cloud security experience.
- Ability to learn, understand, and demonstrate Agile methodology.
- Ability to speak to a client as well as an assessor about security control implementation.
- Able to be flexible with timelines and priorities
- Ability to give guidance to newer security staff
- Ability to organize, structure and prioritize information from various sources
- Ability to appropriately balance needs of GPS Information Security with business and technological risks and business impact
- Ability to think creatively while accounting for multiple perspectives in any given scenario
- Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
- Ability to work independently and with minimal direct supervision
- Focused on how to best convey information clearly and concisely
- Experience working in information security and understanding of information security concepts including technical, administrative, or managerial controls.
- Knowledge of information security policies / principles of handling and protecting information
- In-depth understanding of NIST security documentation such as FIPS and 800 Series publications and their application.
- General technical knowledge of operating systems, databases, networks, mobile technologies, and cloud services
- Strong English language skills are required - written and verbal
- Good writing, presentation, interpersonal, and collaborative skills
- Skilled in executive level presentations and briefings
- Experience managing communication with internal customers
- Ability to collaborate with others to facilitate and enhance compliance with policies
- Maintain awareness of the current security threat landscape
- Experience with coordinating tasks, allocating resources, and following tasks and projects through completion
- High degree of cultural and emotional intelligence, and demonstrated aptitude for resilience, flexibility, and ability to adapt to changing circumstances and dynamics
- Experience with Microsoft Office, GRC tools, and vulnerability scanning tools.
- Degree in Information Assurance, Computer Science, or a similar technical field or equivalent work experience
- A current/active U.S. Top Secret Security Clearance
- Working experience in a cloud environment (Classified or lower)
- Must hold a CISSP, CISM, or CCISO certification in accordance with DoD 8570/8144 compliance at Information Assurance Management (IAM) Level III
- Experience and familiarity with NIST frameworks (NIST SP 800-37, NIST SP 800-53, NIST SP 800-171)
- Demonstrated experience creating system security plans.
- Minimum of 5 years of Industrial Security experience
- Full understanding of the National Industrial Security Program Operating Manual (NISPOM) and Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual (DAAPM)
- Working knowledge of the physical construction of Special Access Program Facilities (SAPFs) and/or Sensitive Compartmented Information Facilities (SCIFs); ICD-705 knowledge
- Physical/Technical Security and Document Control
- Interpreting, implementing, and assessing DISA STIG results.
- Managing cybersecurity incident response and incident handling.
- Working with people with different levels of technical knowledge and expertise
- Working in Azure and Cloud Computing environments
- Creating and maintaining appropriate measures for an information security program in a highly audited environment
- Excellent computer skills, with the ability to draft and implement Standard Operating Procedures (SOPs)
- Evaluating and documenting information security risks and issues in both a qualitative and quantitative manner
- Planning and managing information security remediation efforts
- Continuous learning: You'll develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We'll provide the tools and flexibility, so you can make a meaningful impact, your way.
- Transformative leadership: We'll give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You'll be embraced for who you are and empowered to use your voice to help others find theirs.