Information System Security Officer
Essential Duties and Responsibilities:
- Responsible for ensuring information security for an assigned area of Business/Project focusing on key areas of risk, as outlined in the Information Security policy, under the direction of the Information Security management team.
- Conduct Information Security risk assessments and compliance evaluations for infrastructure and application assets within required timeframes and to industry standards and regulatory specifications.
- Ensure controls are properly and fully implemented to address identified Information Security risks for assigned area of responsibility.
- Define, create and maintain the documentation for certification and accreditation of each information system in accordance with regulatory requirements.
- Lead and support audits and client reviews of security posture; coordinate the collection, review and submission of Information Security deliverables and track the remediation of audit findings and exceptions.
- Manage expectations with multiple stakeholders on projects and programs in conjunction with the Information Security team.
- Promotion of Information Security awareness through various communication channels within the organization.
- Collaborate with the Information Security team members on process improvements, secure design and recertification of assets.
• Identify potential security control gaps by reviewing evidence provided by stakeholders, system generated reports and/or control implementation statements.
• Perform risk assessments using vulnerability management and application security testing reports.
• Initiate formal security exception process, when required.
• Develop Plan of Action and Milestones (POA&M) as necessary.
Minimum Requirements:
- Please refer to the additional information section of the job requisition for this opening to determine clearance eligibility required.
- Bachelor's degree and 7+ years of relevant professional experience required, or equivalent combination of education and experience.
• US Citizenship is REQUIRED per contract/client.
• At least one of the following certifications is REQUIRED: CISSP (preferred), CISA or CISM
• Experience with NIST 800-53 is REQUIRED
• HIPAA experience is required
• Experience with Cloud providers, such as Azure and AWS
• Knowledge of any of the following security frameworks is preferred: IRS 1075, CMS MARS-E/ARC-AMPE, PCI-DS