Information Systems Security Officer

*

> *

> *

> *

> *

>

Information Security Analysts Information Systems Security Officer (Remote) at Computer World Services, Corp.(CWS)

Job Description

Job Description To effectively manage Cybersecurity risk to the Office, the contractor will assist the OFR in refining and implementing the processes and methodologies to assess internal and external/third-party systems, and provide an accurate accounting and tracking for shortcomings and weaknesses. The weaknesses will be tracked, monitored and reported in Plans of Action and Milestones (POA&Ms). Findings discovered through risk assessments, Security Controls Assessments (SCA) and continuous monitoring activities will be collected, analyzed and used to provide continuous reporting and support informed, risk-based decision making In addition to the personnel required to directly perform the subtasks listed in this section, the Contractor may provide Subtask support. Each Subtask support will provide effective implementation of their assigned subtask. Responsibilities include but are not limited to: Serving as the principal liaison between the OFR and supporting personnel for the specific subtask area (e.g., Security Controls Assessors, ISSOs, Continuous Monitoring); Ensuring OFR goals are communicated to the task area supporting personnel; Providing guidance, support, and supervision to the subtask area supporting personnel; Ensuring supporting personnel are properly prioritizing tasks and responsibilities; Ensuring proper allocation of tasks among supporting personnel, as applicable; Ensuring proper scheduling of tasks among supporting personnel, as applicable; Providing the final quality verification/validation of deliverables prior to submission to the OFR; and ensuring compliance with OFR timelines and deadlines for deliverables and associated subtask completion dates. Key Tasks and Responsibilities Uses the NIST Risk Management Framework (RMF) and NIST SP 800-53 to conduct assessments of Information security controls in order to measure the effectiveness of control implementation and identify control gaps Ensures compliance to guidance, standards, and regulations such as the NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies Performs in-depth technical risk assessments and IT audits on systems, software, and processes Runs vulnerability scans, vets output for false positives, and works directly with administrators to remediate findings Assists in forensic investigations by reviewing log and system data, running Splunk queries, and identifying what happened. Prepares Security Authorization Packages including all supporting documentation such as Authorization Official Out-briefs, Security Authorization Recommendations and Security Authorizations memorandums Collects evidence, artifacts, and documents findings to support conclusions Reports on compliance with internal policies, controls, and standards Provide recommendations for remediation of identified deficiencies Support global information security metrics and reporting program(s) Provide security expertise to business units and key stakeholders Enforce policy adherence and manage formal policy exception requests Provide timely status updates/reporting on assessments and assigned projects Job Requirements

Education & Experience A Bachelor degree in Computer Science or a related engineering field with training in information security 10+ years experience in Information Security 5+ years experience building and managing Windows server platforms Thorough knowledge of NIST 800 Special Publications, Federal Information Processing Standards (FIPS) and other significant federal regulations Expertise in the NIST Risk Management Framework to generate and maintain SA&A documentation to include System Security Plans, Security Assessments Reports, and Risk Assessments for internal and cloud-based systems (i.e, FedRAMP) Thorough knowledge of federal laws and directives pertaining to information security Experience and strong knowledge on using security scanners (e.g. Nessus, Nexpose, etc), vetting false positives, and remediating vulnerabilities Experience in creating and maintaining minimum security configuration baselines for Windows and Linux platforms and applications (i.e., Minimum Benchmarks: CIS, STIGS) Experience reviewing system logs for potential intrusions and policy violations. Experience using Splunk. Certifications CISSP CISM Security Clearance Must be able to obtain an Agency specific clearance. Must be a US citizen or permanent resident Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.) This is a fully remote telework position that can be based anywhere within the United States. CWS employees working at a government customer location must comply with all COVID-19 customer requirements which may include: mandatory vaccination, mandatory attestation of one's vaccination status, and mandatory weekly or bi-weekly testing. EOE AA M/F/Vet/Disability EEO is the Law: Location:

Experience:

Not Specified

**CWS fosters a collaborative and exciting work environment for our employees. With positions around the globe, CWS is certain to have the position for you. Focusing on Information Technology positions throughout the Federal Government, CWS is constantly looking for talented professionals in all Information Technology fields.** CWS is committed to hiring and developing the most talented workforce in our industry. We are dedicated to providing a working environment which allows each and every employee to have both job satisfaction and growth, and, at the same, time meeting the goals of the company to deliver the best quality service possible. We strive to develop employees known for their character, commitment, and confidence, and we recognize the importance of each individual in the success of the entire company. Whether a senior engineer with advanced degrees or a brand new help desk representative, we participate in each employee's personal development by stressing education, training and the attainment of industry recognized certifications. From senior management to line personnel, CWS maintains an open-door policy at all times; encouraging the flow of communication, the exchange of ideas, creativity and self-esteem in the work place. We strive to create a corporate culture based upon open discussion and we encourage all employees to take an active role in the growth and future of CWS. Computer World Services is fully committed to the concept and practice of equal opportunity and affirmative action in all aspects of employment. today to be on your way to a rewarding, new career Joining our Talent Network will enhance your job search and application process. Whether you choose to apply or just leave your information, we look forward to staying connected with you. * Receive alerts with new job opportunities that match your interests * Share job opportunities with family and friends through Social Media or email *CWS is an Equal Opportunity Employer. It is the companys policy not to accept applications when no employment openings exist.*

#J-18808-Ljbffr