Information System Security Officer (ISSO)
Washington D.C. Metro Area
Who we are:
Bixal uses strategic communications, design, and technology to positively transform the lives of people through the work we do for our clients. What distinguishes us is our diverse and global perspective to addressing complex challenges and a single-minded focus on remaining lean and agile.
Bixal is growing. We cultivate top talent in the fields of strategic communications, experience strategy and design, mobile and web application, integrated marketing solutions, data analytics, and instructional design.
What will you do?
You will be given the unique opportunity of leading the certification and accreditation process for a fully cloud-based software development environment. You will be responsible for the overall project management of system security planning, compliance testing, tracking issues, fixing problems, and documenting, documenting, documenting! The ISSO must possess expert level experience and knowledge in strategic planning and information security functions. This position allows you the opportunity to begin security planning, consulting, and implementation activities at the ground level in order to build fully accredited environment and platforms as a service within Amazon Web Services (AWS) and other FEDRamp certified cloud service providers.
- Manage and track security project tasks, including but not limited to security controls development and implementation, security testing and remediation, compliance tracking, and documentation for management and auditing activities.
- Assist in the completion of the accreditation process, as applicable, and help maintain Authorization to Operate (ATO) on multiple projects.
- Participate in the initialization of FEDRamp accredited developer platform and help maintain the products ATO.
- Work with developers and systems administrator to design supportable strategies for maintenance and compliance.
- Lead and participate in the certification and accreditation process for multiple cloud environments.
- Assist incoming cloud projects with certification and accreditation activities.
- Prepare, review, and evaluate compliance documentation.
- Identify alternative and flexible documentation procedures to aid in security compliance efforts.
- Communicate with government clients and Stratus staff to coordinate secure implementation methodologies and practices.
- Perform reviews of security control statuses and work with technical staff to work through POA&Ms.
- Author security documentation for SSP packages and work with designated approvers to move C&A process forward.
- Perform other duties as required
- Bachelor’s degree
- Must be US Citizen or Permanent Resident for 3+ years
- Must be able to undergo, pass, and maintain a Public Trust Security Clearance
- Minimum of 5 years recent experience in a comparable role
- Experience with various Federal compliance publications including NIST FIPS-199, 800-53, 800-171, DFARS, etc
- Mandatory FEDRamp Compliance experience
- Experience building and inputting security artifacts into risk management and compliance systems
- Experience with Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA)
- Experience in selecting, implementing, and auditing security controls, contingency plan, configuration management, etc. based on guidance documents like NIST
- Experience performing security assessment and risk analysis, including log auditing and vulnerability scanning
- Experience developing and maintaining remedial tasks in Plan of Action and Milestones (POA&M)
- Excellent written, verbal, and interpersonal skills. You must speak technology fluently and translate it efficiently. You will be bridging the gap between both technical and non-technical audiences while speaking to each in a language they understand.
- Willingness to embrace emerging technology. You will leverage AWS and its accompanying tools as you help to design, plan, and implement a groundbreaking development environment from the ground up.
- Well-Rounded: You bring in-depth experience across multiple types of environments from a security compliance perspective.
Nice to haves:
- PCI and HIPAA experience.
- Experience with applications that have been deemed High Risk on Cloud Service Providers
- Strong understanding of identity management, and the technology and tooling around IAM challenges.
Perks & Benefits
Competitive base salary
10 paid holidays
Company provided Short-Term Disability
Company provided Life Insurance
401k with employer match
WMATA commuter benefits program
New business referral bonus
Professional development incentives
No recruiters or agencies please. Bixal is an equal opportunity employer and is committed to building a safe, inclusive environment for people of all backgrounds.