Cybersecurity SME – Information System Security Officer (ISSO) Continuous Monitoring Program Support - Panum Group, LLC Remote Bookmark Share Print 199 0 0

Listing Description

Panum Group, LLC. is seeking a self-motivated, talented, and detail-oriented Cybersecurity SME for Information System Security Officer (ISSO) Continuous Monitoring Program Support. Must have Federal Government Cybersecurity experience. Must be knowledgeable of Federal Government compliance and regulations in Cybersecurity. The successful candidate will have a minimum of 10 years of experience and leadership experience as well as 5+ years of demonstrated experience in managing Cybersecurity projects related to Information System Security Officer (ISSO) Continuous Monitoring Program Support.
 

Roles and Responsibilities
  • Develop and/or update a System Categorization (SysCat) for each system following Federal Information Processing Standards (FIPS) 199, Standard for Security Categorizations of Federal Information and Information Systems.
  • 7.2 Identify and/or confirm applicable NIST 800-53 controls to each system based on the system categorization. This may need to be repeated when NIST publishes a new revision of 800-53. Evaluate inherited controls that are not in place to determine what needs to be done to mitigate the risk and communicate information about those to cyber leadership.
  • Document and/or maintain each security control in a System Security Plan (SSP) in the Departmental selected tool (currently CSAM).
  • Develop and/or maintain the Privacy Threshold Analysis (PTA) and if necessary Privacy Impact Assessment (PIA).
  • Work closely with the contingency team to develop and/or maintain a Business Impact Analysis (BIA) for the system.
  • Develop and/or maintain an Information System Contingency Plan.
  • Develop and/or maintain the approach to configuration management in a Configuration Management Plan (CMP) for systems categorized as Moderate.
  • Evaluate the impact on system security of proposed changes and report on that impact to the Information System Owner. Conduct a Security Impact Assessment (SIA) change requests per the CMP.
  • Develop the Residual Risk Report.
  • Develop and/or maintain Interconnection Security Agreements (ISAs).
  • Develop After Action Reports for functional contingency activities. Develop functional exercise test plans if necessary.
  • Develop and/or update the auditable events table at least annually. Validate and update local auditable event settings. Conduct log reviews. Review audit logs at a minimum quarterly in accordance with the auditing requirements and SecureCAP procedures. Take action on audit log findings as appropriate.
  • Develop and or update hardware and software inventory.
  • Provide recommendations and guidance for corrective action of all non-compliant security controls to conform to POAM guidance. Develop POAMs, including milestones for inclusion in CSAM.
  • Monitor monthly vulnerability reports. Work with the broader technical team to help coordinate remediation of identified vulnerabilities.
  • Coordinate and monitor implementation of Standard Technical Implementation Guides (STIG) settings (or other government approved standard) on existing and new servers. Review the inventory of all devices via Security Content Automation Protocol (SCAP) scan and integration into the STIG checklists for each component (e.g., service, software) listed on the inventory.
  • Monitor backups as appropriate to ensure that they are being appropriately documented and carried out.
  • Monitor physical access, including maintaining physical access audit logs.
  • Support annual assessment of of security controls (all key controls plus one third of the remaining controls) following the comprehensive artifact completion schedule.
  • Provide monthly artifact tracking and metrics information.

    • Minimum Qualifications
  • 10 years of experience and leadership experience as well as 5+ years of demonstrated experience in Cybersecurity
  • 4-year degree from accredited University/College in related field.
  • Master’s degree preferred
  • Cyber specific certifications (e.g., Certified Information Systems Security Professional or CISSP; Certified Information Security Manager or CISM) are highly preferred.
  • Federal Government experience required
  • Excellent written and verbal communications skills.
  • Strong attention to detail and highly organized approach to work.
  • Experience and proficiency with Microsoft Office 365.

    •  Panum Group, LLC Established in 1997, Panum Group provides unique expertise and innovative solutions that address federal customers’ greatest business and mission challenges. A culture of excellence through innovation and problem-solving has resulted in 100 percent growth in employees and revenue over the last three years. Panum provides program & project management, acquisition & contract management, business & strategy consulting and next generation information and communications technology services for more than 20 federal agencies. For more information, please visit www.panum.com.

    Listing Details

    • Citizenship: Not Provided
    • Incentives: Not Provided

     

    • Education: Not Provided
    • Travel: Not Provided
    • Telework: Not Provided

    About Us

    NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

    Useful Links

    Our Contacts

    1765 Greensboro Station Pl.
    Suite 900
    Tysons Corner Va 22102

    (703) 594-7765

    requests@ninjajobs.org
    www.ninjajobs.org
    Chat with us!