Information System Security Officer (ISSO) (TS/SCI)

DirectViz Solutions (DVS) is a dynamic and rapidly growing government contractor committed to delivering innovative IT solutions that address the missioncritical needs of our government clients. Through the expertise and dedication of our talented team we provide cuttingedge technology services designed to achieve success and exceed expectations.

At DVS we prioritize our employees as our greatest asset. We offer competitive compensation comprehensive medical benefits a 401(k) match generous PTO accrual professional development reimbursement corporatefunded technology certifications and robust employee recognition and appreciation programs.

We are seeking a highly skilled Information System Security Officer (ISSO) to work in Washington DC.

Job Summary:

Responsible proactively review update and maintain cybersecurity policy guidance documents directives templates and materials to ensure all documentation reflects and incorporates the most recent version of all cybersecurity program documentation. The Contractor with direction shall provide Cyber security and Privacy requirements and guidance including but not limited to the following:

• Provide a qualified and stable workforce submitting prevetted and completed Security Clearance Package for all proposed personnel.
• Provide meeting support and documentation The Contractor shall provide administrative and technical support for meetings as required. The Contractor shall coordinate scheduling and meeting notifications including the preparation of briefing slides agendas handouts and other supplementary materials at least 24 hours in advance. Prepare and distribute meeting minutes including action items/tasking/due outs and responsibility matrix for all meetings with manager by COB same day as requested by the Project Lead. All action items shall be clearly delineated with due dates and task owners.
• Monthly status meeting The Contractor shall facilitate a Monthly status meeting as described in the Deliverables Schedule.
• The Contractor shall provide a Monthly Status Report (MSR) as described in the Deliverables Schedule.
• Develop edit format and modify cybersecurity documentation including policies standards procedures user manuals and other related materials ensuring consistency in formatting language and structure across all documentation.
• Provide a gap analysis with recommendations for improvement of existing Cyber security policies handbooks standards and procedures and recommend disposition (i.e. continued use as is needs revision or rescind)
• Perform inventory review and update plan with schedule monthly.
• Delivery of Authority to Operate (ATO) packages to CISO/ITSO and CIO as required.
• Conduct IT Checklist Risk Assessments ensuring that IT Checklist Risk Assessments are conducted for all acquisition checklists. This process should be integrated into the overall risk management framework and should inform the development and updating of cybersecurity policies and procedures.
• The Contractor shall provide overall subject matter expertise to the Information Security Assessment and Authorization (A&A) program specifically Information System Security Officer (ISSO) support for National Security System.
• Provide specific guidance and technical expertise in the form of standards policies procedures and oversight for the DOC A&A program
• Create review and update the Privacy Threshold Analysis (PTA).
• Create review update as applicable provide recommendations based on analysis the Privacy Impact Assessments (PIA).
• Create review update as applicable and provide recommendations based on analysis for Third Party Application as required.
• Create review update as applicable and provide feedback on application of security requirements (e.g. TRB SSPs RAs contingency plan incident response plan continuous monitoring plan FIPS POA&M reports etc).
• Create review analyze update as applicable all system artifacts for accuracy completeness in support of an authority to operate (ATO) requests
• Create or Review ATO packages prior to submission to CISO and CIO approval.
• Ensure all assessment and audit reports are uploaded properly to the appropriate DOC Governance Risk and Compliance (GRC) tool
• Assist in Plan of Actions and Milestones (POA&M) update and remediation. In addition conduct reviews of requests for closures for completeness and compliance.
• Develop and support the ongoing authorization (OA) process that includes continuous monitoring.
• Keep the System Security Plan accurate and up to date to include drafting/developing network topology
• Maintain a Moderate or better security rating
• Provide expert technical and security support services to accomplish the Accreditation and Authorization (A&A) of Information System(s)
• Develop review and provide feedback on application of security requirements (e.g. TRB review of SSPs RAs contingency plan POA&M reports).
• Responsible for managing and implementing remediation of identified weaknesses.
• Ensure that the system complies with Federal Information Systems Modernization Act (FISMA) Federal Information Processing Standard Publication 199 (FIPS 199) and NIST 80053 rev 5 or latest series/revision.
• Ensure that systemrelated documentation is archived in accordance with departmental policies and procedures on records management.
• Provide security testing and evaluation of National Security System which includes vulnerability scans and a limited amount of scanning analysis support as required in support of inclusion into the OCIO system boundary.
• Ensure that the Customer Responsibility Matrix (CRM) listed as part of the Customer Implementation Summary (CIS) is addressed accordingly.
• Create review update change management plan as required
• Create review update change and test contingency plan as required
• Create review update change and test incident response plan as required
• Provide demonstrated subject matter expertise in Enterprise Mission Assurance Support Service (eMASS) performing the following tasks:
  • Review security assessments and upload relevant documentation to eMASS
  • Manage Plans of Action and Milestones (POA&Ms) including creating POA&M reports and closure of POA&Ms
  • Develop eMASS administration skills manage user accounts and provide 1on1 training to users
  • Generate reports and ensure eMASS compliance.
  • Collaborate with stakeholders including Information System Security Officers (ISSOs) to update data in eMASS
• Work closely with all relevant stakeholders to complete data calls and gather necessary information for the development review and updating of cybersecurity documentation. This may involve coordinating with various teams conducting interviews and collecting data from multiple sources.
• Manage SharePoint of GRC Folders performing the following tasks:
  • Maintain and organize the SharePoint folders for the Cyber Security Teams Governance Risk and Compliance (GRC) documentation.
  • Ensure proper access controls and permissions are set for the relevant stakeholders.
  • Implement a folder structure and naming conventions that facilitate easy navigation and retrieval of documents.
  • Regularly review and archive outdated or obsolete documents to keep the folders organized and up to date.

Required Qualifications:

• Bachelors Degree AND minimum of two (2) years of eMASS experience AND Minimum of four (4) years of preparing SA&A package or ATO package OR three (3) years of eMASS experience AND Minimum of five (5) years of preparing SA&A package or ATO package
• Must possess one of the following (CISA GIAC Certified Incident Handler (GCIH) GIAC Information Security Expert (GSE) GIAC Security Leadership (GLSC) Security Certified Network Architect (SCNA) Certified Information Security Manager
• Active Top Secret with eligibility to obtain Sensitive Compartmented Information Facility Clearance

If you thrive on solving complex problems and building meaningful connections wed love to hear from you. Join our team and make an impact today!

Physical and Mental Qualifications:

• Maintain focus and awareness throughout scheduled working hours.
• Perform tasks requiring prolonged periods of sitting or standing at a desk utilizing a computer mouse and keyboard.
• Lift and move objects weighing up to 15 pounds as needed.
• Exhibit excellent verbal and written communication skills with a strong command of the English language.
• Demonstrate the ability to work independently while also collaborating effectively as part of a team.
• Quickly learn and retain routine tasks and processes.
• Possess strong organizational skills attention to detail business correspondence proficiency and selfmanagement capabilities.
• Perform the essential functions of the role satisfactorily; reasonable accommodation will be provided for employees with disabilities upon request.
• Accept and adapt to additional responsibilities or changes to assigned duties as determined by DirectViz Solutions (DVS).

DirectViz Solutions LLC (DVS) is an equal opportunity employer who prohibits discrimination and harassment against any employee or applicant for employment based on race sex (including pregnancy) age gender identity creed religion national origin sexual orientation marital status genetic information disability political affiliation protected veteran status or any other status protected by federal state or local law.

DVS has a zerotolerance policy for harassment threats coercion discrimination and intimidation. Employees may file a complaint or exercise any right protected by Executive Order 11246 Section 503 of the Rehabilitation Act of 1973 as amended Section 4212 of the Vietnam Era Veterans Readjustment Assistance Act of 1974 or the Veterans Employment Opportunities Act of 1998.

Required Experience:

Unclear Seniority