Information System Security Officer (ISSO) - Reveille Group
Washington, DC
About the Job
Come join our team! Reveille provides a full benefits package that includes medical/dental/vision, FSA, paid time off, commuting reimbursement, 401(k) with matching, wellness subsidies, LTD/STD/AD&D insurance, and salary plus incentive (bonus) compensation. We're a team of strategically minded consultants who prioritize work-life balance.
Reveille Group is a strategic advisory consulting firm with offices in Washington, DC. We focus on providing our diverse clients with innovative solutions, including technical analysis and development. We are looking to bring on an integral team member to support an existing project. You will function as the Information System Security Officer (ISSO) for a major system at a federal agency.
Role Description
The United States Agency for International Development (USAID) operates critical information systems. USAID's Bureau for Management, Office of the Chief Information Officer (M/CIO) seeks advisors to provide expertise and support as Information System Security Officers (ISSOs) for various systems. A system may be in either the pre-ATO or post-ATO state during the lifecycle of support.
These resources will work directly with the Government Information Technology Operations (ITO) Technical Lead and business owners for various USAID systems and applications. The ISSO will develop, implement, and maintain security policies, procedures, and standards to protect the organization's information assets from unauthorized access, use, disclosure, disruption, modification, or destruction, in accordance with USAID policy and National Institute of Standards and Technology (NIST) guidance and standards.
Key responsibilities include:
- Perform continuous monitoring activities in accordance with USAID and NIST continuous monitoring requirements. Support includes creating new documents and updating existing documents listed in the Documents section.
- Support the system owner and/or project team in incorporating the applicable system security and privacy requirements, including but not limited to defining and documenting system-specific requirements and recommending technical, operational, or administrative implementations.
- Collaborate with the system owner, project team, and the Information Assurance (IA) Division to ensure that system security requirements are identified, documented, implemented, and validated throughout the project life cycle.
- Coordinate with the system owner and project team to identify, document, and mitigate (resolve) system security issues found during iterative testing cycles, audits, or continuous monitoring activities.
- Coordinate with the system owner and project team to establish and document processes for audit log management and review, account management, separation of duties, and configuration management, and to complete all documents defined in the Documents section below.
- Serve as a key point of contact between the IA Division and the project team and/or system owner before, during, and after audit and assessment activities.
- Coordinate with IA representatives to obtain the current templates needed to generate required artifacts.
- Perform security assessments to support the Authorization to Operate (ATO).
- Develop system security assessment and authorization documentation; coordinate review of those artifacts by the project team, system owner, and IA Division; and work closely with the project manager and/or system owner to ensure timely approval of those artifacts by the approving personnel.
ISSO duties and responsibilities include, but are not limited to:
1) Ensuring that security requirements for the major application or general support system are being or will be met.
2) Ensuring that requests for Security Assessment and Authorization (SA&A) of computer systems are completed in accordance with the published procedures.
3) Providing the appropriate level of support for SA&A activities.
4) Supporting continuous monitoring testing and other activities.
5) Assisting in the management of the plan of action and milestones (POA&M).
6) Maintaining an inventory of the hardware and software required for the system.
7) Coordinating the development of a contingency plan and ensuring that the plan is tested annually and maintained.
8) Ensuring that risk analyses are completed to determine cost-effective and essential safeguards.
9) Ensuring the preparation and update of security plans for information systems, major applications, and networks as assigned.
10) Attending or completing required security awareness and role-based training and distributing security awareness information to the system user community as appropriate; assisting the IA Division with tracking and reporting training completion.
11) Reporting IT security incidents (including computer viruses not contained by antivirus software) in accordance with established procedures.
12) Reporting security incidents not involving IT resources to the appropriate security office.
13) Providing input to the appropriate IT security personnel for the preparation of reports to internal and external authorities.
14) Facilitating signatures on memorandums of agreement, interconnection security agreements, or other documents as applicable.
15) Ensuring that user accounts are managed according to USAID ADS 545 and the ISSO Handbook.
16) Ensuring that audit logs are reviewed and that appropriate action is taken if there is any evidence or suspicion of inappropriate or unauthorized activity, in accordance with ADS 545 and the ISSO Handbook.
Qualifications
Expertise or familiarity with the following security policies, regulations, and/or frameworks:
- Federal Information Security Modernization Act (FISMA)
- Privacy Act of 1974
- NIST Special Publication 800 series (e.g., SP 800-53 Rev. 4, SP 800-53A Rev. 4, SP 800-37 Rev. 1)
- Federal Risk and Authorization Management Program (FedRAMP)
- NIST Cybersecurity Framework
- OMB Circular A-130
- USAID ADS 545, Information Systems Security
Required Skills and Experience
- Experience performing system analysis, system audits, system monitoring, security control assessment and testing (or security test and evaluation), risk management, and incident response.
- Working knowledge of various hardware platforms and software applications.
- Must be able to work independently and demonstrate strong initiative and an ability to organize daily tasks with minimal supervision.
- Possess strong communication skills (oral and written) as well as the ability to interact well with team members and various levels of management.
- Experience with the Risk Management Framework (RMF) process and Agile System Development Life Cycle
- Commitment to results and success in accomplishing goals; a fast learner with demonstrated ability to understand unique system requirements and adapt to change.
- Proficiency with the Microsoft Office and Google Workspace (G Suite) tools.
- Ability to align detailed tasks with the big picture.
- Strong oral and written communication skills with the ability to tailor your messaging to technical and non-technical audiences.
- Ability to multitask and to prioritize team tasks independently based on organizational priorities.
- Ability to manage various stakeholders (technical and non-technical) and collaborate with others to achieve common goals.
- U.S. citizenship with eligibility for a security clearance; an active Secret clearance is preferred.
- Note: this position is based out of Washington, DC. The role allows for telework/remote work; however, meetings may arise that require onsite attendance in Washington, DC. Candidates must reside within the contiguous United States.
Preferred Skills and Experience
- Advanced written and verbal communication skills.
- Active security clearance, Secret level or higher.