Information System Security Officer - Mid

Job Title: Information System Security Officer - Mid Job Category: Information Technology Time Type: Full time Minimum Clearance Required to Start: Secret Employee Type: Regular Percentage of Travel Required: Up to 10% Type of Travel: Local * * * The Opportunity: CACI is searching for an Information System Security Officer - Mid to support the FEMA Office of the Chief Information Security Officer (OCISO) in Washington, D.C. As an Intermediate ISSO, you will play a crucial role in ensuring the security and compliance of FEMA's information systems. You will work in a dynamic environment, collaborating with Lead ISSOs, IT system owners, stakeholders, and cybersecurity professionals to implement and maintain robust security controls. Your efforts will directly contribute to safeguarding FEMA's mission-critical systems and data. The Intermediate ISSO will be responsible for technical cybersecurity efforts in coordination with Lead ISSOs, providing direct support to the Compliance Branch Lead. Serving as a point of contact for technical cybersecurity matters related to quantifying technical risk, the Intermediate ISSO will execute Risk Management Framework activities for ATO decisions, ensure confidentiality, integrity, and availability of FEMA Information Systems, and implement security controls throughout the system lifecycle. This position requires maintaining a security posture in compliance with FISMA, DHS 4300 Series, NIST, and DHS and Component Directives. Responsibilities: The ISSO - Mid will execute Risk Management Framework activities for ATO decisions and ensure systems meet compliance requirements while ensuring confidentiality, integrity, and availability of FEMA Information Systems through proper security control implementation. This position requires implementing security controls and conducting system assessments to identify vulnerabilities and gaps, as well as developing and maintaining System Security Plans, Configuration Management Plans, and Contingency Plans. The ISSO - Mid will conduct Security Impact Analyses and test configuration changes pre- and post-deployment, support continuous monitoring of IT systems, and develop and track POA&Ms for identified vulnerabilities. Responsibilities include developing security requirement traceability matrices and managing hardware and software inventory lists, supporting cloud security initiatives, and participating in Change Advisory Board (CAB) reviews. The position involves conducting technical vulnerability assessments, providing audit support documentation, and responding to cybersecurity data calls with timely information to leadership. Critical deliverables include preparing Security Test Plans 90 days prior to testing and Security Test Reports within 15 days after testing, generating POA&Ms within 0 to 15 days after vulnerability identification, and updating System Security Plans, Configuration Management Plans, and Contingency Plans annually or when changes occur. The Intermediate ISSO will conduct Security Impact Analysis Reports within 5 business days after change notification, analyze Risk Assessment Reports and FISMA Scorecard Analysis on a daily basis, and produce Weekly Activity Reports and Monthly Program Reports. This position requires following the Information Systems Security Officer (ISSO) Guide when developing, updating, or reviewing required security artifacts and tracking and suggesting technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access. Qualifications: Required: - U.S. Citizenship required - Active Secret security clearance required - FEMA EOD suitability or Current DHS or FEMA EOD preferred - BS/BA + 10 years of applicable experience or equivalent combination - Must have one of the following Information Assurance Technician (IAT) Level III qualifications: - Certified Information System Security Professional (CISSP) - Certified Information Security Manager (CISM) - CompTIA Advanced Security Practitioner (CASP+) - Minimum 5 years of experience in information security - Demonstrated expertise in RMF, Information Security processes, FISMA, NIST SP 800-37, NIST SP 800-53 - Experience developing security documentation including SSPs, POA&Ms, and Contingency Plans - Knowledge of DHS 4300 Series and federal cybersecurity requirements - Experience with continuous monitoring and vulnerability management Desired: - Previous DHS or DoD experience - Experience with CSAM, RegScale, eMASS, or similar GRC tools - Cloud security experience with AWS, Azure, or other platforms - Knowledge of FedRAMP and cloud authorization processes - Experience with automated security tools and scripting - Strong technical writing and communication skills - What You Can Expect: A culture of integrity. At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation. An environment of trust. CACI values the unique contributions that every employee brings to our company and our customers - every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality. A focus on continuous growth. Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy. Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Since this position can be worked in more than one location, the range shown is the national average for the position. The proposed salary range for this position is: $90,300-$189,600 CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic. Click on Search Jobs to find and apply to CACI openings.