Location: all cities,MN, USA
Qualifications: Position Summary:Our client is looking for an experienced Information System Security Officer (ISSO) Liaison to support the Bank in its role as a Fiscal Agent for the Department of Treasury and the Bureau of the Fiscal Service. In the role of an ISSO Liaison, you will support theISSO to help to ensure that all relevant IT security requirements prescribed by Client or Fiscal Service are implemented and maintained throughout the lifecycle of the information system. Ideal candidates will have had previous experience with NIST based information security control and risk management frameworks as well as a commitment to delivering high-quality, prompt, and efficient services to stakeholders.Responsibilities: Ensure that applicable IT security policies are implemented for assigned information systems. Ensure that the operational security posture of the information systems is maintained and kept consistent with current security policies and that all assessments of security controls are conducted, documented and reported. Ensure that applicable requirements for Information Security Continuous Monitoring are followed including:a) Completing annual Security Assessments and Authorizations as well as assessments whenever there are significant changes to the information system, the facilities where the system resides, or other conditions that may impact the security or ongoing authorization status of the system.b) Ensuring sure that an Operational Continuous Monitoring Plan is maintained and executed as part of the System Security Plan (SSP).c) Ensuring the accomplishment of risk assessments prior to the implementation of system changes to determine impacts to the security controls established for the system.d) Ensuring that all Exceptions and Plan of Action and Milestones (POA&Ms) are created, reviewed, and reported to the System Owner, Program/Project Manager and Authorizing Official (AO). Coordinate with the ISSO and the Information System Owner to update the SSP, manage and control changes to the system, and ensure that security impacts of proposed changes are evaluated by or reported to officials responsible for change control. Ensure that IT Security management, operational and technical controls are incorporated throughout the system life cycle. Ensure that all IT security documentation (e.g. System Security Plan, Information System Contingency Plan, and Configuration Management Plan) is properly maintained, approved, updated and compliant with security program requirements. Evaluate known threats and vulnerabilities to ascertain if additional safeguards are needed and brief the ISSO accordingly. Ensure documentation of mitigating actions or risk acceptances/exceptions in an Issue Resolution with signed approval when plans for future action to address identified security weaknesses are decided. Ensure that system audit trails are regularly examined with anomalies reported accordingly. Ensure that system audit trails are archived in accordance with records management requirements. Ensure documentation is developed and maintained detailing the information system hardware and software configuration and all security countermeasures that protect it. Ensure that all requirements for the protection of sensitive and mission critical information, including Sensitive But Unclassified (SBU) information, Controlled Unclassified Information (CUI), and Personally Identifiable Information (PII), within the information are being met and followed. Support refinement of the Information Security team backlog, as needed, ensuring clear requirements alignment in support the team's mission or objective. Support project initiatives by gathering, analyzing, and capturing input from customers, partners or stakeholders and synthesizing into clear and actionable requirements (user stories) for prioritization and execution. Conduct research and analysis on relevant security topics and prepare written or verbal reports or presentations stakeholders and management. Responsibilities: Bachelor's degree in computer science, information security, cybersecurity, related field or equivalent combination of education and experience. Minimum of 5 years of combined information technology or information security experience. Must have knowledge of, and experience with, the NIST 800 series publications including: 800-30, 800-37, 800-53, 800-53a, 800-60. Previous experience working in Federal IT Security and/or experience performing the duties of an Information System Security Officer (ISSO) is preferred. Strong knowledge and experience designing, implementing or supporting security controls or operational security support systems. Strong knowledge of common threats, vulnerabilities, and exploits with equivalent understanding of mitigating controls and response techniques or processes. Experience leading or supporting development, documentation and maintenance of security policies, processes or procedures. Highly effective written and verbal communication skills with the ability to communicate information security and risk-related concepts to technical and non-technical audiences across all levels of the organization. Highly effective prioritization capabilities with an aptitude for breaking down work into manageable parts while effectively assessing the priority and time required to complete each part. Highly effective organization, time management, and attention to detail Highest commitment to delivering a great customer experience with a personal and professional value system consistent with the culture and values of the Bank and Client System. Strong knowledge and experience working in an Enterprise Agile and DevSecOps environment is preferred. Professional cybersecurity certifications are desirable, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or other similar credentials.Additional Information:The United States Treasury Department (Treasury) has imposed citizenship requirements for certain positions that support the Reserve Banks Treasury fiscal agency functions and/or spend time working on Treasury security sensitive matters. These positions have been risk rated by Treasury and incumbents must meet the corresponding citizenship requirements of the rating and provide acceptable documentation evidencing such. This Information Security position provides access to Treasury security sensitive matters, is risk rated HIGH, and as such requires the incumbent be a U.S. citizen.