Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age.
We are looking for an Information Systems Security Officer (ISSO) to support the Government’s inventory of on-premise, vendor, and cloud-based systems. These systems are a combination of varying complexities at the Moderate and Low impact levels. The ISSO will assist federal staff in identifying and assessing new systems in accordance with NIST SP 800-37 Rev. 2, Risk Management Framework for Information Systems and Organizations.
Position requires a hybrid commute to Washington, DC 2-3 times per week.
Responsibilities:
- Ensure that the appropriate operational cybersecurity posture is maintained for Government systems to provide confidentiality, integrity, and availability of information systems.
- Support systems owners to develop, update and maintain the System Security Plan (SSP) for assigned systems.
- Advise system owners on all matters, technical and otherwise, involving the security of assigned IT systems.
- Develop standard operating procedures in accordance with security control requirements.
- Perform continuous monitoring of security controls to ensure that they are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems.
- Work with technical teams to mitigate security control deficiencies and scan vulnerabilities for assigned IT systems.
- Assess the cybersecurity impact of changes to assigned IT systems.
- Conduct self-assessments of security controls, identify weaknesses, and track remediation activities in Plan of Action and Milestones (POA&M).
- Manage the POA&M process for designated IT systems to provide timely detection, identification, and alerting of non-compliance issues.
- Provide the required system access, information, and documentation to security assessment and audit teams.
- Participate in security assessments and audits for assigned systems and facilitate obtaining evidence for data requests.
- Complete required A&A activities on assigned IT systems.
Qualifications:
- TDI does work with the Federal government which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States
- Bachelor’s degree in Computer Science, Engineering, or a related technical discipline with 5+ years experience. In lieu of a bachelor’s degree, at least four (4) years of IT security experience is required.
- Demonstrated experience (5+ years) performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful certification and accreditation or security authorization of such systems.
- Strong working knowledge and familiarity with NIST publications.
- Demonstrated experience using a GRC tool executing A&A activities.
- Current and maintained certification in one or more of the following IT Security disciplines: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).
- Ability to effectively communicate both orally and in writing (to include technical documentation).
- Ability to communicate effectively with technical and non-technical users.
TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States."TDI is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, genetics, gender identity or expression, national origin, protected veteran status or disability status, or any other characteristic protected by federal, state or local laws."