Req

NTT DATA Services strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now...

We are currently seeking a Information Security Specialist Advisor to join our team in Arlington, Virginia (US-VA), United States (US).

Description:

The ISSO is the component official assigned by the Authorizing Official or other senior management for ensuring the appropriate operational security posture is maintained for an information system or program. The ISSO also serves as the principal advisor to the Authorizing Official and Information System Owner on all matters (technical and otherwise) involving the security of the information system.

The Cloud Information Systems Security Officer (ISSO) will work with government and industry customers to provide cyber security expertise for a Cloud Infrastructure (CI) program.

The Cloud Information System Security Officer (ISSO) is responsible for the overall handling of information assurance expertise for a large, complex IT infrastructure program. Systems are deployed using a public cloud service provider(s) and/or on-premises cloud service provider to deliver advanced capabilities to the Federal government using IaaS, PaaS, and SaaS service models. The candidate will be responsible for:

Duties:

• Create the Body of Evidence (BOE), Security Control Traceability Matrix (SCTM), and other cyber security program artifacts while working toward RMF-compliant security control inheritance.

• Apply knowledge of commercial and classified government cloud environments to strategize and conduct rigorous cyber security assessments on a developmental CI platform-as-a-service.

• Support CI assessment and authorization (A&A) events as the senior cyber security expert

• Providing subject matter expertise and consulting on security related matters for enterprise information system and network architectures, access problems, and implementation of security policies and procedures.

• Ensuring secure access and protecting against unauthorized access, modification, or destruction of data.

• Demonstrating a familiarity with a variety of security concepts, practices, and procedures.

• Performing a variety of tasks and working under general supervision.
Functional

Responsibilities:

The candidate may perform any or all the following:

• Oversees and manages day-to-day operation of Information Systems.

• Optimizes system operation and resource utilization and performs system capacity planning/analysis while maintaining the security posture.

• Performs system security analyses on client networks and systems; provides guidance, training, research, and recommendations on client networks and IS; performs security audits, evaluations, and risk assessments of complex operational systems and facilities and provides recommendations for remediating detected vulnerabilities; conduct security and internal control reviews of sensitive systems.

• Conducts specific technical reviews to support non-standard operational requirements and systems; design, develop, and maintain unique security tools and techniques for conducting security assessments; provide advanced technical computer and communications security assistance; provide expert assistance and recommendations in the field of Information Assurance and Cybersecurity.

• Conducts security assessments, security authorizations, and evaluations of applications and systems processing sensitive or classified information; develops requirements and specifications for reviewing and approving procurement requests, major systems development activities, telecommunications and teleprocessing hardware and software, and hardware and software encryption techniques on the basis of security concerns; and assesses technology to ensure that security vulnerabilities are identified and remediated.

• Develops and maintains IT security documentation, including system security plan, risk assessment, Plan of Action, and Milestones (POA&M), contingency plan, incident response plan, IT security policies and procedures, etc.

• Assisting in the identification, implementation, and assessment of the common controls.

• Assisting in developing and updating the SSP, and coordinating with the Information System Owner, any changes to the information system and assessing the security impact of those changes.

• Ensuring systems are operated, maintained, and disposed of in accordance with policies outlined in the approved security authorization package.

• Reporting all incidents.

• Monitoring system recovery processes and ensuring the proper restoration of information system security features.

• Performing annual assessments, at a minimum, on an annual basis to ensure compliance with DEA policy and standards.

• Serving as member of Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained and documented.

• Ensuring…
Arlington VA USA

Salary Criteria