Tyto Athene is searching for a highly experienced Lead Information System Security Officer (ISSO) to support our customer in Arlington, Virginia.
Responsibilities:
- Lead Risk Management Framework Assessment & Authorization (A&A) activities for various information systems
- Lead the entire RMF cycle for all assigned systems to include: initiation, categorization, selection, implementation, assessment, authorization & continuous monitoring
- Implement & manage security controls in accordance with the current revision of NIST 800-53
- Conduct ongoing security reviews & tests of assigned systems to verify that security features and controls are functional and effective
- Develop Plan of Action & Milestones (POA&Ms) in response to identified vulnerabilities, and lead remediation efforts
- Develop security documentations to include, but not limited to, System Security Plans (SSPs), Plan of Actions & Milestones (POA&Ms), and other artifacts to support the Body of Evidence (BOE)
- Coordinate security testing exercises to include but not limited to: incident response, disaster recovery & contingency activities
- Review proposed change requests related to system design/configuration and perform a security impact analysis (SIA) to provide approval or denial recommendations
- Support external & internal audits of designated systems
- Develop & present, both verbally and in writing, security briefings to all levels of the organization including senior executives (CIO, DCIO & CISO)
Required:
- Bachelor’s degree in Computer Science, Information Technology, or related field
- 12 years of relevant experience
- Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev4/ Rev5, NSM 8 and working with System Owners
- Familiarity with information system security principles of NIST 800-171
- In-depth knowledge of NIST special publications, CNSS policies and instructions
- Ability to review, analyze, and interpret technical procedures against customer security requirements
- Strong communication skills, both written and verbal
Desired:
- Understanding & experience with eMASS or Xacta is a PLUS
- FedRAMP process & Cloud environments (Azure, AWS) experience preferred
- Certified Information Security Manager (CISM) (optional but highly recommended)
Clearance: Active TS/SCI clearance required
Certification: DoD 8570 IAM/IAT Level III certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.
Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.