Information Systems Security Officer (ISSO)

Gray Tier Technologies is a seeking an Information Systems Security Officer to support a brand new customer and mission providing cyber security services to support Department of Energy initiatives.

Primary Responsibilities:

• Support analysis and develop cybersecurity recommendations to address ongoing and emerging issues
• Ensure all cybersecurity processes are documented.
• Conduct process analysis
• Provide recommendations for process improvements.
• Conduct Assessment and Authorization and/or Risk Management Framework activities as directed
• Assist the AO and ISSM in developing and maintain cybersecurity documentation.
• Assist the AO and ISSM to develop corrective action plans, receive approval, and track implementation of corrective actions in designated tool
• Respond to data calls
• Support and participate in projects
• Provide Cybersecurity Policy Subject Matter Leadership in the area of Cybersecurity Governance policy and enterprise standards including the review and comment on Governance related issues via the RevCom and governance processes.
• Use specified eGRC tool to gather and present relevant data to support reporting, including Archer dashboard for PEMP related metrics where appropriate extracts and reviews for each performance evaluation cycle
• Present cybersecurity metrics, inspection metrics, and enterprise risk management measures via dashboards for situational awareness.
• Assess the implementation of cybersecurity policies focused on oversight and governance by Federal staff at NNSA site offices.
• Review site cybersecurity policy implementation for compliance.
• Maintain a Cybersecurity Improvement Plan which consists of approved mitigations; participate in self-assessments and surveys; implement and track corrective action plans for all reportable findings.

Basic Qualifications:

• Typically requires BS and 4 – 8 years of prior relevant experience or Masters with 2 – 6 years of prior relevant experience.
• Experience with Archer
• DoD 8570 IAT Level II or higher
• Knowledge of NIST SP 800-37, CNSSI 1253, FIPS 199 and NIST SP 800-53
• Knowledgeable in RMF accreditation processes
• Ability to create metrics, documentation, presentations, and procedures and communicate results effectively.
• Experience in auditing security controls
• Knowledge of Continuous Monitoring
• Experience in scanning and interpreting scan results.
• Knowledgeable in STIGs and SRGs
• Knowledge of Common Control Processes
• Project Management skills
• Technical Writing Skills
• Customer service skills both verbally and written
• US Citizen
• Q or TS Clearance.
• CISSP within 6 months.