Information System Security Officer - ARK Solutions, Inc.

Position : Information Systems Security Officers

Long term Contract until 09/2029

Washington, DC (Hybrid - 3 days a week onsite)

Education: Bachelor's degree in computer science, information technology, cybersecurity, or a related technical discipline required.

Day-to-day Responsibilities:

•Participate in planning and management of all phases of the House Risk Management Framework (RMF) Security Assessment and Authorization (A&A) process.

•Complete required A&A activities on assigned IT systems.

•Ensure that the appropriate operational cybersecurity posture is maintained for assigned Chief Administrative Officer (CAO) systems to provide confidentiality, integrity, and availability of information systems.

•Perform continuous monitoring of implemented security controls to ensure that they are implemented correctly, operating as intended and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems. Conduct continuous monitoring activities, to include:

o Maintenance of current ATO

o Conducting periodic system self-assessments

o Review periodic vulnerability scan reports and compliance reports

o Ensure stakeholders are performing system log reviews as defined in the SSP

o Ensure assigned IT system user accounts are periodically reviewed for accuracy and completeness

• Work with technical teams to mitigate security control deficiencies and vulnerabilities for assigned IT systems.

• Assess the cybersecurity impact of changes to assigned IT systems and document findings in a SIA report and brief stakeholders.

• Conduct self-assessments of security controls, identify weaknesses and track remediation activities in POA&M.

• Manage the POA&M process for designated IT systems to provide timely detection, identification and alerting of non-compliance issues. In coordination with SO staff, create POA&Ms or remediation plans for vulnerabilities identified during risk assessments, audits, inspections, etc.

• Provide the required system access, information, and documentation to security assessment and audit teams.

Required Skills:

"5-7 years of demonstrated experience performing systems security assessments.

Risk Management Framework (RMF), System Security Plan (SSP), Plan of Action and Milestones (POA&M), Authorization to Operate (ATO), Security Impact Analysis (SIA), Information Sensitivity Security Assessment, Information Technology Risk Acceptances, Configuration Management Plan, Supply Chain Risk Management Plan, Interconnection Security Agreements, Memorandums of Understanding, Information Data Exchange Agreements, Vulnerability Reports.

• Current and maintained certification in one or more of the following IT Security disciplines: Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) or equivalent certification required."