Job description
SBD is looking for a Cross Functional ISSO to join us in support of our Federal Client located in Camp Springs, MD. This position is hybrid, requiring onsite work in Camp Springs, MD two (2) days per week.
The Cross Functional Information System Security Officer (ISSO) supports all Risk Management Framework (RMF) activities, including the process for managing security and privacy risk: information system categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. They will also support the security activities associated with evaluating, implementing, and managing security practices and the continued operation of new and existing technologies across the Enterprise. The ISSO will provide oversight into all responsibilities as required and will support both Unclassified (SBU) and For Official Use Only (FOUO) systems. They shall perform all duties and responsibilities in accordance with DHS 4300A, the DHS ISSO Guide, and other applicable guidance.
Responsibilities Include:
- Risk Management Framework (RMF) Activities: Supports all activities as outlined in the NIST SP 800-37, Risk Management Framework for Information Systems and Organizations. This includes the process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.
- Security Authorization Documentation: Responsible for initial development and, at least, annual reviews/updates of the FIPS 199, e-Authentication, Privacy Threshold Analysis (PTA)/Privacy Impact Analysis (PIA), Security Plan (SP), Contingency Plan (CP), Contingency Plan Test (CPT), Interconnection Security Agreements (ISAs), Memoranda of Agreement/Understanding (MOA/Us), and any other FISMA-related security documentation.
- Security Control Assessment Response: Supports all assessment activities by responding to interview questions and working with the system teams to gather appropriate evidence as directed by the SCA team.
- Change Management: Reviews all change requests for potential impact to the system security posture.
- Continuous Monitoring: Conducts audit log and account management reviews and updates the Control Allocation Table and Trigger Accountability Log.
- Configuration/Patch/Vulnerability Management: Reviews scan results for the system assets, identifies the respective remediations for misconfigurations and weaknesses, and works with the system team to ensure timely implementation of fixes.
- Applies a comprehensive knowledge across key tasks and high impact assignments.
- Evaluates performance results and recommends major changes affecting short-term project growth and success.
- Functions as a technical expert across multiple project assignments.
- Supports all Security Authorization Processes, Security Control Assessments and Ongoing Authorization activities as required and as directed by the Federal Government.
- Works on high-priority ad-hoc requests such as data calls, Senior Management Initiatives (CIO, CISO, etc.), DHS mandates, etc.
- Prepares documentation and materials to support the operations of FedRAMP compliance requirements throughout the organization.
- Develops briefings and presentations for Government PM and Executive Management.
- Incident Response: Works with the Security Operations Center (SOC) and system teams to investigate and analyze any incidents affecting assigned system(s).
- Ensures systems are properly patched and hardened according to DHS requirements.
- Assists with issues and concerns related to their assigned systems.
- Conducts research and analysis on abnormalities and provides recommendations.
- Conducts Risk Analysis on vendors, cloud service providers, etc., as necessary to identify flaws, threats, and risks in emerging IT projects, and develops in-depth technical engineering solutions to address and mitigate these risks.
- Provides technical security solutions and controls implementation recommendations to the Agile Development teams based on industry best practice and Federal requirements.
- Provides, prepares, and conducts security training, as needed.
- Applies and analyzes privacy laws, administrative laws, regulations, and policies surrounding the Privacy Act of 1974, the E-Government Act of 2002, or the Homeland Security Act of 2002.
- Serves as a subject matter expert on controls standards such as NIST 800-53, 800-37, 800-66, and 800-171 as well as other privacy regulations.
- Works on the automation, monitoring and auditing of privacy controls for each system.
- Supports security and privacy requirements for internal and external system connections.
- Supports proposed collection, sharing, and maintenance of PII through privacy compliance documentation.
- Performs comprehensive document reviews (DR) on all risk management and security operations documentation, in alignment with DHS and FISMA requirements.
- Conducts quality assurance checks to ensure that the finished documentation meets DHS and FISMA requirements.
- Implements a two (2) day turnaround for the following artifacts: FIPS 199, E-Authentication Workbook, PTA, PIA, CP, and CPT, and a five (5) day turnaround for the review of the Security Plan (SP).
- Establishes a mailbox and report tracking mechanism so that federal staff can know the status of all documents in the review process at all times by running a simple report.
- Revises, edits, or updates security authorization documentation and presentations.
- Creates, adapts, and follows project schedules and deadlines.
- Develops a thorough understanding of the audience and the documentation required by meeting with colleagues, and works with managers to discuss technical problems.
- Researches and builds knowledge about products, services, technology, or concepts.
- Determines the clearest and most logical way to present information and instructions for greatest reader comprehension and writes and edits technical information accordingly.
- Prepares or commissions graphics and illustrations to elaborate on or complement technical writing.
- Meets with SMEs to ensure that specialized topics are appropriately addressed and discussed.
- Ensures daily, monthly, and quarterly compliance requirements are met individually and by professional level staff within the timelines provided by Operations executive leadership.
- Performs other related duties as assigned.
Required Experience and Qualifications:
- Must be a United States (US) Citizen.
- Must be able to pass a comprehensive background check.
- Must be able to obtain an agency-specific Public Trust clearance prior to joining.
- Must reside in the Washington, DC metropolitan area, within a commutable distance to our client's location in Camp Springs, MD in order to work onsite 2 days per week.
- At least three (3+) years of specialized experience in one of the following positions: Information Systems Security Officer, Information Systems Security Engineer, Information Systems Security Auditor, or Information Systems Security Manager.
- At least three (3+) years of experience analyzing, assessing, and implementing corrective actions based on vulnerability management tools.
- At least three (3+) years of experience leading projects, technical writing, administrative tasks, and conducting briefings.
- Must have and maintain at least one (1+) active certification such as CASP, GSEC, GSLC, CISSP, CEH, CISM, or CISA, or another comparable certification approved in advance by our customer. Proof of certification is required.
- Bachelor's Degree in a related field is required. Equivalent years of experience in a related field may be substituted for the degree.
- Experience working with NIST SP 800-53, RMF, FISMA, DHS and Department of Defense (DoD) policies.
- Excellent verbal and written communication skills; technical and business focused, with the ability to document and describe security process information collected.
- Deep understanding of Security Regulations, such as the NIST Publications and OMB Security related documents.
- Ability to adapt to an Agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government.
- Proficiency with the Microsoft Office Suite, specifically Excel, Word, and Outlook, is a must. Advanced Microsoft Excel and Access skills to perform extensive data mining, correlation, and reporting are a must.
- Hands-on experience with Adobe Pro is a must.
- Must have an impeccable work ethic, the ability to make sound decisions, and a commitment to integrity and accountability.
- Excellent interpersonal, negotiation, and conflict resolution skills.
- Excellent organizational skills and attention to detail.
- Strong analytical, critical thinking, and problem-solving skills.
- Strong leadership skills.
- Ability to function well in a high-paced and at times stressful environment.
- Ability to prioritize tasks and to delegate them when appropriate.