Director of Security and Compliance safeguarding digital assets and data with a focus on cybersecurity and compliance. Leading risk management, stakeholder engagement, and team leadership initiatives.
CS
Hybrid Information Systems Security Officer – ISSO
Posted 4 weeks ago
About the role
- Information Systems Security Officer ensuring compliance with security standards for U.S. Department of Commerce systems. Conducting oversight activities and managing cybersecurity risks overall.
Responsibilities
- Conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements.
- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades.
- Maintain responsibility for managing cybersecurity risk from an organizational perspective.
- Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.
- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.
- Provide configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).
- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.
- Support security authorization activities, including transitioning from DIACAP to compliance with the DoC RMF.
Requirements
- Bachelor’s Degree.
- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.
- eMASS experience.
- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.
- Strong desktop publishing skills using Microsoft Word and Excel.
- Experience with industry writing styles such as grammar, sentence form, and structure.
- Ability to multi-task in a deadline-oriented environment.
Benefits
- Health, Dental, and Vision
- Life Insurance
- 401k
- Flexible Spending Account (Health, Dependent Care, and Commuter)
- Paid Time Off and Observance of State/Federal Holidays
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Information Security Risk & Compliance Analyst supporting the maintenance of ISO 27001 standards. Contributing to risk assessments and compliance across AAB’s Business Protection Team.
Information Security Risk & Compliance Analyst at AAB managing compliance with ISO 27001, supporting enterprise risk assessments and enhancing information security systems.
Information Security Risk & Compliance Analyst at AAB focusing on ISO 27001 compliance and information security management. Collaborating across teams to ensure robust risk and compliance frameworks.
Security Principal at Optiv designing AI security solutions for clients, leveraging advanced security services and technologies. Driving pipeline generation and maintaining strong client relationships as a trusted advisor.
Cloud Security Architect supporting federal customer projects focused on architecture and security solutions. Conducting risk assessments and defining security requirements within a cloud environment.
Information Security Specialist responsible for enhancing cybersecurity posture through incident management and compliance. Collaborating with cross - functional teams to monitor threats and implement security measures.
Senior Lead Info Security Architect leading and collaborating on cybersecurity solutions at TIAA. Responsible for secure design and implementation of cloud security strategies and practices.
Part Time Security Officer providing protection for Collector's personnel and assets at trade shows across North America while reporting to Security Shows & Transportation Manager.
Enterprise Security Architect at PBCN GmbH designing and implementing security architectures. Collaborating with teams to ensure application security and conducting risk assessments.