Senior Information Systems Security Officer Job Description

Senior Information Systems Security Officer Job Description Template

Our company is looking for a Senior Information Systems Security Officer to join our team.

Responsibilities:

  • Ensure that assigned ISS are operated, maintained, and disposed of in accordance with approved security policies and practices;
  • Manage the review and release of media and/or memory components;
  • Develop, implement, and enforce information systems security policies;
  • Ensure that system security requirements are addressed during all phases of the IS life-cycle;
  • Advise the System Owners regarding security considerations in the various applications;
  • Work closely with the System Administration to maintain the various system and application security authorization status;
  • Define, create, and maintain the documentation for assessment and authorization of information systems in accordance with government requirements;
  • Prepare remedial options and supervise correction of information security shortfalls;
  • Conduct trade-off analyses of products for clients to determine optimal information security solutions;
  • Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit);
  • Create Waivers or Risk Acceptance Memos to assist in the effective management of system risks;
  • Maintain knowledge of inventory in accreditation boundary;
  • Conduct Contingency Plan tests at least annually and update the plan;
  • Support annual assessments in accordance with guidance in the DHS Information Security Performance Plan;
  • Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates.

Requirements:

  • Well versed in using vulnerability assessment tools (NESSUS, AppDetective, etc.) and analyzing the results generated from these assessments;
  • Demonstrated experience writing information system security documentation (SSPs, POA&Ms, PTAs, PIAs, CMPs, CPs and IRPs);
  • Knowledge of information security engineering, design concepts and principles;
  • Support annual assessments in accordance with guidance in the DHS Information Security Performance Plan;
  • Ability to use MS Office, ability to use PC, analytical and critical thinking skills;
  • Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates;
  • Respond to emerging requirements or policies as set by legislation, regulation or policy;
  • Experience supporting systems hosted in Cloud environments;
  • Devise a plan to certify and accredit their assigned Information system or information systems;
  • Conduct Contingency Plan tests at least annually and update the plan;
  • Create Waivers or Risk Acceptance Memos to assist in the effective management of system risks;
  • Maintain knowledge of inventory in accreditation boundary;
  • Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit);
  • Oral and written communication skills;
  • Interpersonal and People Skills.