Goldbelt Hawk, LLC is a small but growing 8(a)-certified Small Disadvantaged Business located in Newport News, Virginia, with a satellite office in Alexandria, VA. We provide diversified support services to Federal customers. Goldbelt Hawk has an immediate need for a TS/SCI-cleared Information Systems Security Officer (ISSO) in support of a 5-year contract in Washington, DC.
Responsibilities and Duties:
- Perform assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF) on behalf of a federal civilian agency as a contractor
- Conduct cybersecurity analysis in preparation for A&A review and validation of all associated cybersecurity documentation and technical controls
- Develop System Security Plans (SSPs), Contingency Plans, Business Impact Analyses (BIAs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), Security Assessment Plans (SAPs), and other documentation
- Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations to include hardware and software components, data flow, interconnections, and ports, protocols, and services, etc.
- Identify potential risks associated with system configurations and advise on mitigation strategies
- Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort
- Assist in estimating the Level of Effort (LOE) involved in performing A&A activities
- Assist in developing and implementing detailed test plans and review findings from self-assessments to determine readiness for independent validation and verification (IV&V) assessment
- Assist customer program offices in interpreting and applying mitigation strategies
- Conduct IV&V assessments and analyze test results for accuracy, compliance, and adherence to Federal cybersecurity requirements
- Conduct thorough reviews of all vulnerabilities, architecture, and defense-in-depth strategies and report findings in POA&M documents
- Document residual risks and provide the cybersecurity risk analysis and mitigation determination results
- Produce risk assessment artifacts describing initial risks during system development and residual risks identified during IV&V
- Maintain cybersecurity policy and processes as assigned
- Manage and track systems or programs involved in the A&A process
- Develop and implement security-related directives and guidance for Information Assurance, Information Technology, and Information Management
- Promote an environment of continuous process improvement, learning and team collaboration
- Must possess a Bachelor’s degree in a related field
- Must possess a Top Secret/SCI Personnel clearance
- 5+ years of experience in the following areas: cybersecurity policy, procedures, and processes, including RMF, NIST 800-53, and A&A
- One or more of the following certifications preferred (Security+, CAP, CISSP, CISM, GSEC, GCIH, or GSLC)
- Familiar with information security and assurance principles and associated supporting technologies
- Excellent customer service, organizational, and writing skills