ASSYST's Information Assurance and Cyber Security Practice is seeking an Information Systems Security Officer (ISSO) with comprehensive knowledge and experience supporting FedRAMP Program. ASSYST is currently managing Cyber initiatives for various customers including Federal, State, and Local governments. Our end-to-end services cover architecture, design, policy, monitoring, detection, remediation, compliance, awareness, and training.
Primary Job Responsibilities:
- Provide Subject Matter Expertise for the FedRAMP program, including an overview of the FedRAMP Program, guidelines, and expectations
- Respond to crisis or urgent situations within the system to mitigate immediate and potential threats.
- Use mitigation, preparedness, and response and recovery approaches, as needed, to maximize information security.
- Oversee, evaluate, and support the documentation, validation, and accreditation processes necessary to ensure that IT systems meet the organization's security requirements.
- Review all documentation (SAP, SSP, SAR, CP, etc.) for CSPs under in the FedRAMP Authorization process
- Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
- Maintain awareness of updates to Federal Policies, Laws, Requirements, etc. that affect FedRAMP Program.
- Provide security advice and recommendations to leadership and staff based on NIST and FIPS guidelines
- Analyze system security assessment reports.
- Develop estimates of the security risks associated with the deployment of new technologies.
- Use defensive measures and information collected from a variety of sources to identify, analyze, and report events
Requirements:
- Professional experience supporting information security/assurance programs, policies, processes, and procedures per various security frameworks/laws/standards/directives, e.g.: FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act
- Must have comprehensive knowledge of the FISMA and FEDRAMP. Understanding the relationships between FedRAMP Authorization Act, FISMA and OMB Circular A-130.
- In-depth knowledge of the NIST SP 800 series documents
- Practical knowledge of IT System contingency planning
- Good understanding of continuous monitoring and continuous authorization concepts
- Good understanding of the protection of PII and PIA concepts
- Familiarity with cloud service providers such as AWS, Azure, or Google Cloud.
- Good ability to articulate technical concepts, especially in the review process
ASSYST Benefits:
We are proud to offer a robust benefits package including medical, dental, vision, 401(k) retirement plan, disability insurance, flexible spending accounts and more in order for our employees to maintain a secure work/life balance.
ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law