Senior Information Systems Security Officer Job Description Template
Our company is looking for a Senior Information Systems Security Officer to join our team.
Responsibilities:
- Ensure that assigned ISS are operated, maintained, and disposed of in accordance with approved security policies and practices;
- Manage the review and release of media and/or memory components;
- Develop, implement, and enforce information systems security policies;
- Ensure that system security requirements are addressed during all phases of the IS life-cycle;
- Advise the System Owners regarding security considerations in the various applications;
- Work closely with the System Administration to maintain the various system and application security authorization status;
- Define, create, and maintain the documentation for assessment and authorization of information systems in accordance with government requirements;
- Prepare remedial options and supervise correction of information security shortfalls;
- Conduct trade-off analyses of products for clients to determine optimal information security solutions;
- Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit);
- Create Waivers or Risk Acceptance Memos to assist in the effective management of system risks;
- Maintain knowledge of inventory in accreditation boundary;
- Conduct Contingency Plan tests at least annually and update the plan;
- Support annual assessments in accordance with guidance in the DHS Information Security Performance Plan;
- Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates.
Requirements:
- Well versed in using vulnerability assessment tools (NESSUS, AppDetective, etc.) and analyzing the results generated from these assessments;
- Demonstrated experience writing information system security documentation (SSPs, POA&Ms, PTAs, PIAs, CMPs, CPs and IRPs);
- Knowledge of information security engineering, design concepts and principles;
- Support annual assessments in accordance with guidance in the DHS Information Security Performance Plan;
- Ability to use MS Office, ability to use PC, analytical and critical thinking skills;
- Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates;
- Respond to emerging requirements or policies as set by legislation, regulation or policy;
- Experience supporting systems hosted in Cloud environments;
- Devise a plan to certify and accredit the assigned information system or information systems;
- Conduct Contingency Plan tests at least annually and update the plan;
- Create Waivers or Risk Acceptance Memos to assist in the effective management of system risks;
- Maintain knowledge of inventory in accreditation boundary;
- Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit);
- Oral and written communication skills;
- Interpersonal and People Skills.