empty

Information Security System Officer

Mobius

Job Description

Posted on: 
November 24, 2024

Summary and company overview

Mobius is an award winning, Small Business Administration (SBA) certified Historically Underutilized Business Zone (HUBZone) company and certified Woman-Owned Small Business (WOSB) providing engineering, analytical, and programmatic expertise to the Federal Government and commercial customers. Our mission is to provide innovative advanced technology solutions to customers facing issues of national and global significance. We strive to be admired for excellent people, fair and honest partnership, innovative problem solving, and exceptional performance.

Come join us! We are seeking a qualified and experienced Information Systems Security Officer (ISSO) to join our team. The ISSO will be responsible for ensuring the confidentiality, integrity, and availability of our company’s information systems and data. This role involves implementing security policies, procedures, and controls, as well as monitoring and assessing the security posture of our IT infrastructure. The ideal candidate will have a strong background in cybersecurity, risk management, and compliance standards.

Responsibilities

  • Verify the implementation of the information system security program as delegated by the ISSM in support of NIST (800-53), FISMA compliance.
  • Implement and maintain security controls in accordance with the System Security Plan (SSP) and organizational policies.
  • Develop, document, continuous monitoring strategies, and compliance with the information system security program, ensuring alignment with CSA-provided guidelines for management, operational, and technical controls and informing ISSM of results and corrective action plans.
  • Conduct formal and informal vulnerability and risk assessments, scans throughout the system lifecycle and develop and manage Plans of Action and Milestones (POA&Ms) for identified security weaknesses that can affect the ATO.
  • Update risk assessments and the Security Plan as necessary to reflect changes in the system or environment and maintain accurate system documentation and configuration logs to reflect current and prior configuration baselines.
  • Conduct self-inspections and verify corrective action plan with ISSM, participate in annual assessments and compliance inspections.
  • Track and document information system security incidents, providing input for weekly incident response reports.
  • Ensure processes are in place to manage user access, including authorization of system access, and regular validation of access rights, deactivate unused or inactive accounts in a timely manner and maintain account documentation.
  • Ensure the use of authentication mechanisms at the highest classification level or cryptographic mechanisms compliant controls are employed to protect systems.
  • Separate user functionality from information system management functionality to maintain policy requirements and system security.
  • Ensure patches and updates for all software and hardware remain current and compliant with policy and customer standards.
  • Ensure all system users receive annual security awareness training, and that role-based training is conducted as necessary.
  • Brief users on their responsibilities regarding information system security before granting system access.

Job Requirements

Educational Requirements:

  • 5 years of experience in Information Security, with a preference for a B.S. in IT or Information Security (or 2 additional years of relevant experience in lieu of a degree).
  • Knowledge of information security engineering, design concepts and principles.
  • Recent experience working with a federal customer and NIST, FISMA, and other relevant security frameworks and standards to include STIG compliance.
  • Knowledgeable with the Systems Development Lifecycle (SDLC) and continuous monitoring methodologies.
  • Knowledge of vulnerability assessment tools (NESSUS, STIG Viewer etc.) and analyzing the reports generated from these assessments.
  • Must have excellent written communication skills as the candidate's job will include written interaction with senior- level executives and Government customers.
  • Ability to use MS Office, Ability to use PC, Analytical and Critical Thinking Skills, Interpersonal and People Skills, Listening Skills, Multi-Tasking Ability.
  • Proven experience in information security management, risk assessment, and incident response.

Preferred Qualifications:

  • Industry certifications, such as CISSP, CAP, Security+ certifications are preferred.
  • Exceptional interpersonal and verbal communication skills, with the ability to collaborate well across teams and organizations.
  • Excellent analytical, problem-solving, and communication skills.
  • Experience with eMASS/DAAPM, JSIG for collateral and special access program and sensitive compartmented information classified systems.

Additional commentary

Clearance Requirement:

  • Active Top-Secret clearance, with current SCI eligibility

Mobius Benefits: Mobius offers a stable work environment, a competitive salary, and a comprehensive benefits package, which includes medical, dental and vision plans, 401k Plan, Flexible Work Schedules, Tuition Reimbursement, Paid Leave and much more.

Mobius is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity Employer/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class.

Summary and company overview

Mobius is an award winning, Small Business Administration (SBA) certified Historically Underutilized Business Zone (HUBZone) company and certified Woman-Owned Small Business (WOSB) providing engineering, analytical, and programmatic expertise to the Federal Government and commercial customers. Our mission is to provide innovative advanced technology solutions to customers facing issues of national and global significance. We strive to be admired for excellent people, fair and honest partnership, innovative problem solving, and exceptional performance.

Come join us! We are seeking a qualified and experienced Information Systems Security Officer (ISSO) to join our team. The ISSO will be responsible for ensuring the confidentiality, integrity, and availability of our company’s information systems and data. This role involves implementing security policies, procedures, and controls, as well as monitoring and assessing the security posture of our IT infrastructure. The ideal candidate will have a strong background in cybersecurity, risk management, and compliance standards.

Apply now