Information Security Systems Officer – ISSO

Job Description: • Provide security support for DOJ’s external customers, ensuring an appropriate operational security posture for information systems. • Work closely with the Director of Information System Security to advise on cybersecurity policies, compliance, and risk management while supporting the ongoing security of DOJ/OIG systems. • Work with the System Owner and Director of IT Security to categorize systems, assess security controls, and document results. • Assist in the annual re-assessment of Common Controls, ensuring compliance with DOJ policies. • Ensure systems are accredited following the customer process to obtain Authority to Test (ATT), Authority to Operate (ATO), or Ongoing Authorization (OA). • Develop and maintain security documentation, including System Security Plans (SSP), Security Assessment Plans/Reports (SAP/SAR), POA&Ms, and security authorization memorandums in CSAM. • Conduct security control assessments, both manual and automated, and provide findings on control gaps, risk levels, and impacts. • Establish and maintain audit trails, ensuring regular log reviews and compliance with DOJ/OIG policies. • Monitor and execute operations and maintenance of information systems, including secure system disposal. • Support the development of Privacy Impact Assessments (PIA), Interconnection Security Agreements, Risk Assessments, Configuration Management Plans, and Incident Response Plans. • Conduct vulnerability scans, review security reports, and implement remediation strategies. • Assist in continuous monitoring activities, aligning with DOJ’s Ongoing Authorization (OA) process and using DOJ’s GRC tools. • Ensure all security assessment and audit reports are properly uploaded in CSAM. • Participate in configuration management processes, policy audits, and system log reviews. • Provide technical guidance and compliance oversight in alignment with FISMA, RMF, and NIST frameworks. Requirements: • Minimum 5 years of experience as an ISSO. • Bachelor’s degree in Information Technology, Computer Science, Engineering, or a related field from a U.S. Department of Education-accredited university (or equivalent experience). • Security+ or equivalent/higher-level certification (current). • Strong understanding of Information Security Policies and Procedures. • Expertise in Risk Management Framework (RMF), Security Controls, Incident Response, Security Auditing, and Regulatory Compliance. • Familiarity with FISMA, NIST SP 800-53 controls, and DOJ security policies. • Proficiency in security tools, risk assessments, and vulnerability management. Benefits: • Equal Opportunity Employer • E-Verify Employer Apply tot his job