HRTec is a diverse and growing company. As a busy provider of telecommunications, internet, web design, software, and consulting services, we welcome your interest in joining our family.
If you would like to be a part of a company that cares about commitment and quality – to both our customers and our employees – then consider sending us your résumé.
Information System Security Officer (ISSO)
Provides on-site administrative support and coordination to a complex series of secure cloud service offerings. Oversees the administrative, operational, and clerical functions of assigned information security workforce. Maintains office records and files. May collect time sheets and other personnel records or paperwork for corporate processing. Performs other duties as assigned, such as Human Resources, Facilities and Security functions. Requires Bachelor’s degree or equivalent and two to four years of related experience.
HRTec is seeking an Information System Security Officer (ISSO) to support multiple federal agencies' cloud services IaaS and PaaS requirements through the FedRAMP program. The FedRAMP Program is a high-profile, high-visibility, cybersecurity modernization and risk management program where you can contribute innovative solutions and consult with many different federal agencies to enhance their Information Assurance (IA) programs and continuous monitoring capabilities.
Responsibilities will include:
- Provide consulting to Agencies on Requests for Service for the design, development, and deployment of Ongoing Assessment, Ongoing Authorization, and other Information Assurance (IA) initiatives
- Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide increased visibility to system owners on impacts to the security posture of systems
- Ensure system security measures comply with applicable government policies
- Monitor configuration management changes and assess the impact of modifications and vulnerabilities for each system
- Ensure that system security requirements are addressed throughout the project and system lifecycle
- Ensure effective controls and processes are in place and working effectively to maintain a strong system security posture.
- Perform vulnerability/risk assessment analyses to support Audit, Assessment and Authorization activities
- Develop, maintain, and facilitate the appropriate closure of POA&Ms and facilitate any related remediation activities with the Agency-designated security Point of Contact (PoC)/ISSO
- Understand and monitor operations processes, including but not limited to the Incident Response Process and Communications Process, to ensure that they are followed properly, supporting Agencies for applicable solutions and tools
- Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate
- Provide prompt feedback to HRTec Project Management and Operations personnel and provide ongoing education on security protocols and procedures.
Qualifications and Education/Certification Requirements:
- B.S. in Information Technology or Information Security desired
- 5+ years of experience in InfoSec, with NIST and/or DoD RMF-specific experience highly desired
- DoD 8570 approved baseline certification(s) (i.e., CISSP, CISM) preferred
- Experience with DoD and FedRAMP Authorization to Operate (ATO) Programs preferred
- Experience with Continuous Monitoring and Identity Assurance Management a plus
- Experience with Cloud implementations and environments
- Extensive knowledge of and experience with information security standards, policies and practices (NIST SP 800-53 rev4, SP 800-37 rev2, FIPS-199, FIPS-200).
- Demonstrated experience writing information system security documentation (System Security Plans (SSP), Plans of Action and Milestones (POA&Ms), PTAs, PIAs, CMPs, CPs, and IRPs).
- Experience using vulnerability assessment tools (Nessus, etc.) and analyzing and interpreting assessment results.
- Extensive experience analyzing information technology and system risk in complex environments and articulating results (verbal/reports) to all levels of management
- Ability to research and address information security issues as required as an authority on the subject.
- FedRAMP experience required
- Strong understanding of infrastructure technologies and functionalities (e.g., firewalls, Windows/Linux servers, Active Directory (AD), Veeam Availability Suite, MS Systems Center, etc.)
- Must be a self-starter and be able to think outside of the box to design effective solutions
- Must have excellent verbal and written communication skills as this position will interact with senior-level executives.
Must be a US citizen and pass a background investigation.
- Ability to handle stress and work well under pressure
- Ability to use MS Office
- Ability to use PC
- Analytical and critical thinking skills
- Interpersonal and people skills
- Listening skills
- Multi-tasking ability
Job Type: Full-time
- NIST risk framework: 1 year (Preferred)
- Nessus: 1 year (Preferred)
- ISSO: 1 year (Preferred)
We are looking for skilled professionals who want a long-term commitment. If this is you, please send us your résumé for review.