Tyto Athene is searching for a highly experienced Lead Information System Security Officer (ISSO) to support our customer in Arlington, Virginia.
Responsibilities:
Lead Risk Management Framework Assessment & Authorization (A&A) activities for various information systems
Lead the entire RMF cycle for all assigned systems to include: initiation, categorization, selection, implementation, assessment, authorization & continuous monitoring
Implement & manage security controls in accordance with the current revision of NIST 800-53
Conduct ongoing security reviews & tests of assigned systems to verify that security features and controls are functional and effective
Develop Plan of Action & Milestones (POA&Ms) in response to identified vulnerabilities, and lead remediation efforts
Develop security documentations to include, but not limited to, System Security Plans (SSPs), Plan of Actions & Milestones (POA&Ms), and other artifacts to support the Body of Evidence (BOE)
Coordinate security testing exercises to include but not limited to: incident response, disaster recovery & contingency activities
Review proposed change requests related to system design/configuration and perform a security impact analysis (SIA) to provide approval or denial recommendations
Support external & internal audits of designated systems
Develop & present, both verbally and in writing, security briefings to all levels of the organization including senior executives (CIO, DCIO & CISO)
Required:
Bachelor's degree in Computer Science, Information Technology, or related field
12 years of relevant experience
Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev4/ Rev5, NSM 8 and working with System Owners
Familiarity with information system security principles of NIST 800-171
In-depth knowledge of NIST special publications, CNSS policies and instructions
Ability to review, analyze, and interpret technical procedures against customer security requirements
Strong communication skills, both written and verbal
Desired:
Understanding & experience with eMASS or Xacta is a PLUS
FedRAMP process & Cloud environments (Azure, AWS) experience preferred
Certified Information Security Manager (CISM) (optional but highly recommended)
Clearance: Active TS/SCI clearance required
Certification: DoD 8570 IAM/IAT Level III certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.
Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.