Information System Security Officer (ISSO) in Arlington, VA at Maximus

Date Posted: 4/7/2021

Job Description

Who We Seek:
•Passion Seekers. You genuinely care about the work that you do and its impact on society.
•Self-Starters. You’re a go-getter who isn’t afraid to step up and disrupt the status quo.
•Entrepreneurs. You bring fresh ideas to the table, work hard, develop business and consistently seek new challenges.
•Collaborators. You’re a great contributor to a high performing team that accomplishes great feats for our clients.

Job Responsibilities:
•Active TS/SCI clearance (validated with JPAS)
•Apply and verify data security access controls based on the Joint Security Implementation Guide (JSIG), privileges, and associated profiles.
•Implement media control procedures and continuously monitor for compliance.
•Implement and verify data security access controls and assign privileges based on need-to-know.
•Investigate all suspected cybersecurity incidents in accordance with Departmental directives and applicable Risk Management Implementation Plans (RMIPs).
•Apply and maintain required confidentiality controls and processes.
•Implement authenticator generation and verification requirements and processes.
•Execute media sanitization (i.e., clearing, purging, or destroying) and reuse procedures.
•Execute processes and procedures for protecting CUI, SAP, SCI, and PII.
•Responsible for creation and management of Body of Evidence (BOE)
•Maintain privilege access control logs
•Assess Continuous Monitoring (CM)
•Creation and management of Interconnection Security Agreements (ISA)
•Ensure JSIG compliance for Oracle databases
•Ensure JSIG compliance of applications within multiple accredited boundaries
•Track vulnerabilities by creating Plan of Action and Milestones (POA&M)
•Manage the configuration and documentation contained in the program's instance of Enterprise Mission Assurance Support Services (eMASS).
•Maintain and manage continuous monitoring of DoD STIG compliance
•Enforce the continuous monitoring strategy using tools such as Splunk, Oracle Cloud Control, ACAS reports, scripts to perform database/application user/privilege review, etc.
•Advise on secure implementation strategies for database and application projects, to include DBMS and application upgrades.
•Perform code reviews for database and application development and configuration management activities, as established by the Change Management Plan and Change Management Working Group.
•Demonstrate a general knowledge of project management as it applies to SLAs, POA&Ms, contracts, security administration, and control testing.
•Demonstrate a detailed ability to analyze events or test results and prepare a POA&M.
•Demonstrate the ability to integrate project management, configuration management, continuous monitoring, and POA&M processes.
•Demonstrate a detailed ability to prepare reports identifying the results of compliance and performance tests.
•Other ISSO specific functions include:
•Determines enterprise information assurance and security standards.
•Develops and implements information assurance/security standards and procedures.
•Coordinates, develops, and evaluates security programs for the organization. Recommends information assurance/security solutions to support customers' requirements.
•Identifies, reports, and resolves security violations.
•Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
•Supports customers at the highest levels in the development and implementation of doctrine and policies.
•Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
•Performs analysis, design, and development of security features for system architectures.
•Analyzes and defines security requirements for computer systems which may include workstations and personal computers.
•Designs, develops, engineers, and implements solutions that meet security requirements.
•Provides integration and implementation of the computer system security solution.
•Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
•Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
•Ensures that all information systems are functional and secure.
•Information System Security Officer (ISSO) must interface with Database Administrators (DBAs), Application Administrators (AA), third-party system administrators, Program Management Office, Leadership, Corporate staff and other Cyber Security teams, and the end-user community.

College-level communications skills, ability to communicate clearly, both orally and with written communications

Required Skills:
•Bachelor's degree from an accredited university in a related field (computer science, engineering, or information systems)
•8+ years of experience to include Information Assurance (IA) experience with large, complex programs.
•The ISSO shall have at least five years' experience in planning, documenting, and resolving security and information assurance issues on a technical program.
•The ISSO shall have experience leading the overall role of relevant System Engineering and Integration efforts on a technical program
•Splunk Enterprise – creating and monitoring dashboards, reports, alerts on audit and log data.
•Candidates MUST have a Security+ certification, plus be able to obtain a Certified Information Systems Security Professional (CISSP) or similar certification for IAT Level III per 8570 Cyber Workforce Requirements within 6 months of hire date.

Desired Skills:
•Experience with one or more of the following technologies: Oracle E-Business Suite, Oracle Business Intelligence, Prism, Documentum, Data Warehouse, Cold Fusion, Apache, and Oracle DBMS (Database Management System).
•Working experience with eMASS is desired.
•Security+ certification
•Demonstrated ability to build trusted advisor relationships with clients
•Experience supporting sales and business development
•Experience with financial management

Years of Experience: 8+ Years
Minimum Education Required: Bachelor's Degree
Must Have Active TS/SCI Clearance in JPAS
Due to federal client requirements, only US Citizens can be considered

Job Summary

Required Skills:

- Five to 10 years of experience as an ISSO, ISSM, or CISO for one or more federal information systems.
- Strong familiarity with RMF, as established by the Federal Information Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) FIPS 199/200 and Special Publications.
- Experience with the Federal Risk and Authorization Management Program (FedRAMP).
- Senior level of experience in engineering information systems, as well as working knowledge of current technologies.
- Strong preference for a Certified Information Systems Security Professional (CISSP), or ability to obtain certification within six months of hiring. Alternatively, an existing Certified Authorization Professional (CAP) certification is acceptable.
- Excellent verbal and written communication skills, with the ability to state messages in a clear and concise manner.
- Strong consulting skills, with experience presenting to executives.
- Ability to multi-task, prioritize, and re-prioritize work in a fast-paced environment.
- Ability to learn an application environment in order to update or create supported security documentation.
- Experience in accreditation and assuring the system is compliant with all required security controls as defined by agency policies.
- Ability to support the ISO in selecting security controls for the information system.
- Experience in reviewing proposed change requests related to system design/configuration and performing security impact analysis.
- Experience in reviewing monthly vulnerability scan reports, and tracking and addressing weaknesses in POA&Ms as needed.
- Preferred experience using the Cyber Security Assessment and Management (CSAM) system or similar tools.
- Experience with vulnerability scanning and assessments.

Desired Skills:

- Demonstrated ability to build trusted advisor relationships with clients
- Experience supporting sales and business development
- Experience with financial management

Since 1975, Maximus has operated under its founding mission of Helping Government Serve the People, enabling citizens around the globe to successfully engage with their governments at all levels and across a variety of health and human services programs. Maximus delivers innovative business process management and technology solutions that contribute to improved outcomes for citizens and higher levels of productivity, accuracy, accountability and efficiency of government-sponsored programs. With more than 30,000 employees worldwide, Maximus is a proud partner to government agencies in the United States, Australia, Canada, Saudi Arabia, Singapore and the United Kingdom. For more information, visit

EEO Statement: Active military service members, their spouses, and veteran candidates often embody the core competencies Maximus deems essential, and bring a resiliency and dependability that greatly enhances our workforce. We recognize your unique skills and experiences, and want to provide you with a career path that allows you to continue making a difference for our country. We’re proud of our connections to organizations dedicated to serving veterans and their families. If you are transitioning from military to civilian life, have prior service, are a retired veteran or a member of the National Guard or Reserves, or a spouse of an active military service member, we have challenging and rewarding career opportunities available for you. A committed and diverse workforce is our most important resource. Maximus is an Affirmative Action/Equal Opportunity Employer. Maximus provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status.