Information System Security Officer; ISSO Security Clearance

Position: Information System Security Officer (ISSO) with Security Clearance
Open Systems Technologies Corporation is a leader in the government contracting marketplace, providing Enterprise Security and Cloud Computing solutions to support large organizations. Our capabilities include supplying federal government entities and private businesses with software development, scientific and engineering technical assistance, systems integration, and enterprise security. Since its founding in 1996, OST has been committed to delivering high-quality, best-in-class results that bring added value to our clients while investing in our employees' futures by providing exciting projects to work on, and robust benefits to include technical training and certifications, relocation assistance and a 401K match with immediate vesting.

OST is seeking an Information System Security Officer (ISSO). The ISSO will be responsible for managing the authorizations and risks related to the processing, storage, and transmission of information for one or more programs within the Dissemination Task Order on the FS2 Program. The ISSO is responsible for meeting regulatory and non-regulatory compliance (security best practices) demands, providing leadership over security assessment activities, working across system ownership and management organizations to test security controls, policies, and procedures, providing program management support, team leadership, and participating in and coordinating the support as needed for security assessment and activities The ISSO also manages and enforces government and corporate information security policies, provides training, and educates end users and program staff about proper security practices.

The ISSO conducts security and risk assessments as required using a range of security accreditation frameworks (e.g., NIST, RMF, Common Criteria, DoD, the Intelligence Community Directives (ICDs), and works to mitigate risks by applying security controls effectively to achieve an acceptable degree of operational risk. As part of this process, the ISSO performs testing and security assessments to sustain required accreditations.

The ISSO promotes the use of secure hardware and software within the systems affected by government and corporate approval standards. The ISSO works to ensure all required security policies and practices are effectively applied to systems and ensures security controls implementing these policies are applied and achieve the proper levels of confidentiality, integrity, availability, and privacy protection throughout the system life cycle.

The ISSO also assists with the execution, analysis, and remediation activities for the vulnerability management program (scanning, assessment, reporting, and mitigation verification) that spans different accreditation entities, three distinct classification domain enclaves (U), (S) and (TS), using the Nessus and Tenable-ACAS vulnerability scanning tools. Responsibilities:
* Develops risk mitigation strategies that contribute to the effectiveness, efficiencies, and performance outcomes for strategic projects, program goals, and business processes.
* Must be able to quickly respond to the needs for updates and maintenance of security documentation, especially System Security Plans, Plans of Actions and Milestones (POA&Ms);
Security Impact Assessment for proposed system changes, and Concept of Operations that identify and explain how each system satisfies its assigned security control baselines.
* Maintains system security plans and related configuration records in customer Service+ (Service Now), XACTA-360 platform, and Leidos-CIO security tools.
* Drives necessary security changes through steering groups and control (review) boards to meet Risk Management milestones.
* Work independently as well as collaboratively to drive security process improvements, especially to address gaps in meeting customer or Leidos security requirements and meet due diligence responsibilities.
* Provides guidance and engages the program lab team to implement secure software and hardware processes, apply government security standards, and commercial best security practices.
* Resolves highly complex security problems by applying technical knowledge, conceptualizing, reasoning, and interpretation of requirements.
* Communicating with Leidos and NGA leadership (internally or client) regarding matters of significant importance to the organization/project.
* Apply in-depth understanding of information security technical principles, theories, concepts, and their application across a range of programs.
* Develop and maintain security documentation per NGA/IC/DoD-DISA/NIST/Industry standards and policies.
* Initiate and coordinate all Assessment and Authorization (A&A) and renewal activities working with the NGA Designated Authorization Officials (DAO or DAOR).
* Address any Information Assurance or Cybersecurity notices, orders, tasking, or directives as required following the NGA operations vulnerability and patch management processes.
* Measure…