What are the responsibilities and job description for the FedRAMP Information Systems Security Officer (ISSO) position at Sprinklr?
FedRAMP Information Systems Security Officer (ISSO)
The Federal Risk and Authorization Management Program (FedRAMP) ISSO is an individual contributor role supporting various aspects of the FedRAMP program, including continuous monitoring, vulnerability tracking, mitigation/remediation, reporting, and authorizing documentation/artifacts.
Responsibilities
- Create and maintain core security artifacts such as System Security Plan (SSP), Plan of Action & Milestones (POA&M), checklists, templates, and other documentation in support of the FedRAMP Assessment & Authorization (A&A) process.
- Utilize working knowledge of FedRAMP, National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 security controls and the NIST SP 800-37 Risk Management Framework to interpret standards, requirements, and their application to enterprise Cloud environments.
- Monitor and maintain an inventory of hardware and software for the information system.
- Assist in the identification, research, mitigation, and remediation of system vulnerabilities as required for proper tracking and reporting via the POA&M sheet.
- Support activities to meet monthly and yearly FedRAMP continuous monitoring requirements.
- Develop documentation related to Significant Change Requests and support any associated assessments that may be required.
- Provide support to internal stakeholders and subject matter experts and external third-party assessors during recurring audits.
Qualifications
- Prior experience as an ISSO is preferred
- Strong understanding of FISMA, RMF, SA&A, FedRAMP and Cloud (AWS, Google, Azure)
- Experience working with NIST SP 800 Series (NIST SP 800-37 and NIST SP 800-53) and the Cloud Computing Security Requirements Guide (SRG)
- Experience with the FedRAMP authorization process and development and maintenance of core documents such as System Security Plan (SSP), Contingency Plan, Incident Response Plan, POA&M, Configuration Management Plan, etc.
- Knowledge of cloud security best practices and working with public cloud solutions (AWS, Google, and Azure)
- Experience in technical/system risk analysis and risk assessment
- Experience with vulnerability management and POA&M maintenance
- Understanding of basic networking concepts, such as IPsec tunnels, firewalls, routers, public and private addressing
- Strong experience with the Microsoft product suite, particularly Microsoft Word, Excel, PowerPoint and SharePoint
- Experience with Google Workspace
Soft skills
- Strong verbal and written communication skills (writing, editing, and proofreading skills)
- Strong analytical and problem-solving abilities
- Ability to work independently or as a member of a team
- Ability to manage workload and tasking to meet tight deadlines
- Ability to conduct independent research of complex technical information
- Ability to describe technical information to non-technical audiences
Additional
US citizenship required