Information System Security Officer (ISSO III)

Position Description:

Were looking for Information System Security Officers (ISSO III) candidates ready to step into a mission-critical role supporting Navy cybersecurity and information assurance operations. This is a high visibility opportunity to lead Risk Management Framework (RMF) lifecycle activities guide vulnerable remediation efforts and directly contribute to system Authority to Operate (ATOs) across a complex enterprise Department of Defense (DoD) environment. Youll work alongside seasoned Information System Security Managers (ISSMs) engineers and compliance professionals to strengthen Navy systems ensure audit readiness and enable mission assurance. If youre a self-starter with hands-on RMF experience strong writing skills and the drive to make an impact this is the role for you. Join CGI and secure the mission from day one.

This position is located in Philadelphia PA. 90% onsite (1 day per week remote)
Due to the nature of this government contract US Citizenship is required with the ability to obtain and maintain an Active DOD Secret Clearance is Required.

Your future duties and responsibilities:

.Assist Information System Security Managers (ISSMs) in executing their cybersecurity responsibilities.
.Ensure full compliance with NAVSEA Department of the Navy (DON) and Department of Defense (DoD) cybersecurity policies.
.Maintain up-to-date cybersecurity policy and procedural documentation ensuring accessibility to authorized personnel.
.Coordinate and manage cybersecurity processes and activities for assigned systems.
.Track and report the status of Assess Only (AO) and Assessment and Authorization (A&A) activities to Program Managers Information System Owners and ISSMs.
.Provide oversight of Security Plans for assigned systems throughout their lifecycle.
.Manage and maintain Plan of Actions and Milestones (POA&Ms) ensuring vulnerabilities are documented tracked mitigated and remediated where feasible.
.Support identification of appropriate security control baselines and overlays.
.Coordinate validation of security controls with Navy Qualified Validators (NQVs).
.Conduct Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews.
.Adjudicate findings submitted by the Package Submitting Officer (PSO).
.Register and maintain cybersecurity system data within the Enterprise Mission Assurance Support Service (eMASS).
.Plan and coordinate testing of security controls during risk assessments and annual security reviews.
.Report changes in system security posture to the ISSM.
.Execute Continuous Monitoring activities in alignment with the System Level Continuous Monitoring (SLCM) Strategy.
.Review data from Continuous Monitoring update eMASS records accordingly and escalate issues to leadership when necessary.
.Correlate findings from vulnerability assessmentsincluding Developmental Testing (DT) Operational Testing (OT) penetration testing and Command Cyber Operational Readiness Inspections (CCORI)to RMF controls to ensure comprehensive risk management.
.Participate in change control and configuration management proces

Required qualifications to be successful in this role:

Bachelors degree in computer science information technology communications systems management or an equivalent science technology engineering & mathematics (STEM) degree from an accredited college or university.
Six (6) years of experience coordinating and enacting required security changes within various levels of an organization ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and support cyber incident-response by isolating potentially effected assets initial investigation and data collection through status updates/reporting.

Desired qualifications/non-essential skills required:
.Advanced Certifications such as CISSP CRISC CASP CEH or AWS/Azure security certifications demonstrating specialized cybersecurity knowledge beyond baseline requirements
.Experience with Navy cybersecurity environments particularly NAVSEA including familiarity with their unique RMF workflows eMASS conventions and VRAM usage
.Prior support to Navy Qualified Validators (NQV) or direct experience participating in security control validation activities
.Experience leading RMF packages through the full lifecyclefrom categorization and control selection through assessment authorization and continuous monitoring
.Hands-on knowledge of eMASS VRAM ACAS and HBSS (or equivalent DoD tools) for continuous monitoring and vulnerability remediation
.Familiarity with CCORI or CCRI preparations and inspections including previous participation in Navy or DoD cyber readiness events
.Strong technical writing skills for drafting and maintaining SSPs POA&Ms SOPs SLCM Strategies and other RMF-related documentation
.Working knowledge of Security Technical Implementation Guides (STIGs) and tools such as STIG Viewer SCAP Compliance Checker and Nessus
.Experience coordinating with developers system owners and network engineers to remediate vulnerabilities and implement security controls
.Knowledge of DoD Cloud Security Requirements Guide (SRG) and experience supporting ATO packages for cloud-hosted environments (e.g. AWS GovCloud Azure IL4/IL5)
.Agile or DevSecOps environment experience including continuous integration pipelines and automated security testing
.Demonstrated success working in multi-contractor environments coordinating with multiple stakeholders and supporting large system portfolios
.Strong interpersonal and communication skills with ability to brief technical findings to senior leadership and non-technical audiences

CGI is required by law in some jurisdictions to include a reasonable estimate of the compensation range for this role. The determination of this range includes various factors not limited to skill set level experience relevant training and licensure and certifications. To support the ability to reward for merit-based performance CGI typically does not hire individuals at or near the top of the range for their role. Compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range for this role in the U.S. is $120800.00 - $190200.00.

CGI Federals benefits are offered to eligible professionals on their first day of employment to include:
.Competitive compensation
.Comprehensive insurance options
.Matching contributions through the 401(k) plan and the share purchase plan
.Paid time off for vacation holidays and sick time
.Paid parental leave
.Learning opportunities and tuition assistance
.Wellness and Well-being programs
#CGIFederalJob
#LI-MG4

Skills:

• Cyber
• English
• IT Security
• Security Architecture

What you can expect from us:

Together as owners lets turn meaningful insights into action.

Life at CGI is rooted in ownership teamwork respect and belonging. Here youll reach your full potential because

You are invited to be an owner from day 1 as we work together to bring our Dream to life. Thats why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our companys strategy and direction.

Your work creates value. Youll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas embrace new opportunities and benefit from expansive industry and technology expertise.

Youll shape your career by joining a company built to grow and last. Youll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

Come join our teamone of the largest IT and business consulting services firms in the world.

Qualified applicants will receive consideration for employment without regard to their race ethnicity ancestry color sex religion creed age national origin citizenship status disability pregnancy medical condition military and veteran status marital status sexual orientation or perceived sexual orientation gender gender identity and gender expression familial status or responsibilities reproductive health decisions political affiliation genetic information height weight or any other legally protected status or characteristics to the extent required by applicable federal state and/or local laws where we do business.

CGI provides reasonable accommodations to qualified individuals with disabilities. If you need an accommodation to apply for a job in the U.S. please email the CGI U.S. Employment Compliance mailbox at . You will need to reference the Position ID of the position in which you are interested. Your message will be routed to the appropriate recruiter who will assist you. Please note this email address is only to be used for those individuals who need an accommodation to apply for a job. Emails for any other reason or those that do not include a Position ID will not be returned.

We make it easy to translate military experience and skills! Click here to be directed to our site that is dedicated to veterans and transitioning service members.

All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary dependent upon specific assignment and/or level of US government security clearance held. Dependent upon role and/or federal government security clearance requirements and in accordance with applicable laws some background investigations may include a credit check. CGI will consider for employment qualified applicants with arrests and conviction records in accordance with all local regulations and ordinances.

CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about discussed or disclosed their own pay or the pay of another employee or applicant. However employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information unless the disclosure is (a) in response to a formal complaint or charge (b) in furtherance of an investigation proceeding hearing or action including an investigation conducted by the employer or (c) consistent with CGIs legal duty to furnish information.