Cloud Information Systems Security Officer (ISSO) – Remote at MindPoint Group #vacancy #remote

Cloud Information Systems Security Officer (ISSO) – Remote

Department: GRC

Location:

Text code 9999 to to apply!

Since 2009, MindPoint Group has been the cybersecurity firm of choice for the most security-conscious US federal agencies and commercial enterprises.

We’re proud to be one of Inc. 5000’s fastest-growing companies in the country. With several -Best Places to Work- awards under our belts, we have a diverse employee-focused culture, accessibility, and communication between all levels and departments, and over 4 stars in reviews on Glassdoor.

Come be a part of what we’re building. We use our award-winning recruitment process to seek the most skilled, experienced, and driven information security consulting experts in the industry, while simultaneously empowering applicants to determine if MindPoint Group is the right fit for them. We are profoundly invested in selecting the right people to join our team and are equally driven to expand and develop careers long-term.

With positions throughout the US, a role at MindPoint Group promises you:

An opportunity to work within one of the most diverse DC-based organizations

Generous tuition and professional development reimbursements

Mentorship opportunities with leaders focused on your growth

Competitive benefits like 401k matching, 11 federal holidays, etc.

And more!

Job Description

This role is contingent upon award. MindPoint Group is seeking an experienced Information Systems Security Officer (ISSO) to support a federal customer. The ISSO will manage the overall security-related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles. Systems are deployed using a public cloud service provider to deliver advanced capabilities to the Federal government using IaaS, PaaS, and SaaS service models.

What you get to do every day:

Advise government program managers and stakeholders on security testing methodologies and processes

Conduct impact level categorizations for Confidentiality, Integrity, and Availability of the information on a system

Conduct implementation statement reviews

Create implementation statements

Advise on systems alignment with the NIST Cyber Security Framework (CSF)

Develop, coordinate, test Contingency Plans and Incident Response Plans

Develop and document incident reporting procedures for service desk, admins, and security staff

Review system security documentation to accommodate changes to policy or technology

Evaluate certification documentation and provide written recommendations for accreditation to government PMs

Assess changes in systems, environment, and operational needs that could affect accreditation

Perform system analysis, system audits, system monitoring, security control assessment/testing, risk management, and support incident response

Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), and other relevant security documentation for existing and new systems

Review proposed change requests related to system design/configuration and performing a security impact analysis (SIA) to provide approval or denial recommendations

Implement and manage Security Controls in accordance with the current revision of NIST 800-53

Conduct system certification tests, inspections, and reviews that include verification that the features and assurances required for each protection level are in place, and prepare Security Assessment Reports

Perform vulnerability/risk assessment analyses to support Assessment & Authorization (A&A) activities

Provide continuous monitoring to enforce client security policy and procedures and create processes that provide increased visibility to system owners on impacts on the security posture of systems

Develop, maintain, and facilitate the appropriate closure of POA&Ms and any related remediation activities

Identify and support system Interconnection Security requirements

Qualifications

US Citizenship with the ability to get a Public Trust required

What do you need?

Bachelor of Science degree in Information Systems, Computer Engineering, Computer Science, or Cyber Security, or related major; Experience may be substituted for degree requirement

Security experience with Cloud environments required. AWS experience preferred

At least one of the following certifications: CISSP, CCSP, CCSK, CISM, GSLC, CISA, CASP, or equivalent.

Strong understanding of FedRamp

At least 4 years of experience working in Information Assurance, with at least 2 years working in an ISSO role

Familiarity with the following Security Regulations and/or Frameworks:

FISMA.

OMB Circular A-130.

Privacy Act of 1974.

o NIST 800 Special Publication Series (i.e., 800-53, 800-53A, 800-37, etc.)

Federal Risk Authorization and Management Program (FedRAMP).

NIST Cybersecurity Framework (CSF).

ISO/IEC 27017:2015 Code of Practice for Information Security Controls Based on ISO/IEC 27002 for Cloud Services.

Strong communication, problem-solving, and analysis skills

Ability to work in remote teams

Additional Information

All your information will be kept confidential according to EEO guidelines.

Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically $115-130k. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, maternity/paternity leave, mobile phone stipend, pre-tax commuter benefits, the opportunity to participate in our mentorship program, and more!

MindPoint is committed to maintaining a diverse environment. All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.

Job applicants that are interested in one of our openings and may require a reasonable accommodation to participate in the job application or interview process, should contact us to request an accommodation.

Are you interested in a posted job opportunity but may not check all of the -boxes- for desired qualifications? If so, we encourage you to apply! Our commitment to sustain and champion an inclusive and dynamic community of employees is a high priority!

Text code 9999 to to apply!

ISO standards Amazon Web Services (AWS) FedRAMP Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP)

Leave a Reply