Information Systems Security Officer

Dunhill Professional Search of Wilmington, Inc.

Oak Ridge, TN

JOB DETAILS
SALARY
$120,000–$170,000 Per Year
JOB TYPE
Full-time
SKILLS
Access Authorization, Asset Management, Best Practices, Change Control, Communication Skills, Computer Science, Computer Security, Configuration Management, Contingency Plans, Corrective Action, Disaster Recovery, Documentation, Emerging Technology, Enterprise Architecture, Establish Priorities, FISMA - Federal Information Security Management Act, Federal Government, Federal Laws and Regulations, Identify Issues, Incident Response, Information Assets, Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, Internet Security, Intrusion Detection Systems, Intrusion Detection and Prevention (IDP), Intrusion Prevention Systems, Leadership, Loss Prevention, Maintain Compliance, Penetration Testing, Privacy Impact Assessment (PIA), Regulatory Compliance, Requirements Management, Risk Analysis, Risk Management, Risk Management Framework (RMF), Security Analysis, Security Attacks, Security Information and Event Management (SIEM), Security Monitoring, Software Development Lifecycle (SDLC), Software Patches, Systems Administration/Management, Time Management, Training/Teaching, U.S. National Institute of Standards and Technology (NIST), United States Department of Energy (DOE), Vulnerability Scanners
LOCATION
Oak Ridge, TN
POSTED
20 days ago
The Information System Security Officer (ISSO) plays a critical, dual role in safeguarding OIM's information systems. This position demands a hands-on approach to designing, integrating, and governing the enterprise cybersecurity architecture, while also performing essential ISSO duties for OIM systems and their boundaries. This ensures that every technical solution is secure by design and compliant with all DOE and federal requirements. The Architect/ISSO functions as a bridge between technical architecture, day-to-day operations, and governance, acting as both a primary technical authority and a dedicated compliance steward to build and sustain a robust and resilient cybersecurity program. The candidate will work with the Assessment & Authorization (A&A) and Vulnerability Management teams, including A&A Analysts, A&A Specialists, A&A SMEs, A&A Security Engineers, A&A Architects, Vulnerability Management Analysts, and Vulnerability Management Engineers, to deliver cyber authorization services. Candidates should have experience with one or more of the following federal security frameworks (FedRAMP, FISMA, Zero Trust Maturity Model, RMF, and the NIST SP 800 series, including NIST SP 800-53) and GRC tools (e.g., XACTA, ArchAngel, eMASS, CSAM).

Responsibilities
- Develop, implement, and maintain comprehensive information security programs in accordance with federal mandates and agency policies.
- Oversee the continuous monitoring and improvement of security controls across diverse information systems.
- Collaborate with system owners and stakeholders to integrate security requirements throughout the system development lifecycle.
- Conduct thorough risk assessments to identify, analyze, and prioritize security vulnerabilities and threats.
- Develop and implement risk mitigation strategies and countermeasures to protect sensitive information and critical assets.
- Track and manage Plans of Action and Milestones (POA&Ms) to ensure timely remediation of identified weaknesses.
- Ensure strict adherence to federal regulations, such as NIST SP 800-53, FISMA, and agency-specific security directives.
- Perform ISSO responsibilities for OIM systems and boundaries, serving as the subject matter expert for assigned systems.
- Advocate for System Owners, coordinating cybersecurity activities and ensuring alignment with DOE policies and federal requirements.
- Provide regular security briefings to System Owners, ISSMs, and AODRs.
- Participate in Change Control Board (CCB) meetings, reviewing privileged access requests, risk assessments, and cybersecurity requests.
- Support and perform internal audits, inspections, and reviews of OIM accreditation boundaries.
- Support the Authorization to Operate (ATO) process by providing expert guidance and ensuring all required artifacts are complete and accurate.
- Draft, update, and enforce information security policies, standards, and procedures.
- Maintain comprehensive security documentation, including system security plans, contingency plans, and configuration management plans.
- Develop and deliver security awareness training to educate users on best practices and compliance requirements.
- Evaluate, recommend, and implement security technologies and tools, such as intrusion detection/prevention systems (IDPS), security information and event management (SIEM), and data loss prevention (DLP).
- Manage and monitor security configurations for operating systems, networks, and applications.
- Conduct vulnerability scanning and penetration testing to identify and address security weaknesses.
- Establish and maintain Interconnection Security Agreements (ISAs) and Memoranda of Understanding/Agreement (MOUs/MOAs) with external partners.
- Prepare and review security authorization documentation, including Security Plans (SPs), Privacy Impact Assessments (PIAs), and Contingency Plans (CPs).
- Represent OIM in interagency security working groups and committees.
- Provide analysis of vulnerability, patch, and configuration data to protect OIM mission systems.
- Work with System Owners to develop and remediate POA&Ms, prioritizing based on Level of Effort (LOE).
- Recommend corrective actions for risk assessment issues identified during audits or inspections.

Minimum Qualifications
- Bachelor's Degree in Computer Science or a related field, or equivalent experience; Advanced Degree preferred.
- 10+ years of experience in cybersecurity architecture, compliance, or ISSO duties.

Other Job Specific Skills
- Deep expertise with SIEM, IDS/IPS, EDR, DLP, ICAM, CDM, and vulnerability management tools.
- Strong knowledge of DOE cybersecurity policies, FISMA, NIST SP 800-53, and federal directives.
- Proven experience drafting and maintaining FISMA artifacts and managing A&A processes.
- NIST SP 800-53 Rev 5.
- Risk Management Framework (RMF).
- CRISC (or equivalent), CISSP, CISM, CISSP-ISSAP, or equivalent certification.

Desired Skills
- Ability to balance technical architecture with compliance oversight.
- Strong communication skills for briefings, reporting, and stakeholder engagement.
- Experience leading audits, inspections, and risk assessments.
- Expertise in disaster recovery, COOP planning, and incident response.
- Strategic mindset with adaptability to emerging technologies and evolving threats.

About the Company

Dunhill Professional Search of Wilmington, Inc.