Koniag Government Services

Mid-Level Information Systems Security Officer (ISSO) / Control Evaluator

Koniag Government Services$85K — $110K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.
  • 4+ years in information security, with at least 2 years as an ISSO or similar role.
  • Experience with NIST RMF including security authorization documentation development.
  • One or more certifications such as CISSP, CAP, or CompTIA Security+.
  • Strong communication skills for technical and non-technical audiences.

Responsibilities

  • Serve as the ISSO for assigned systems, providing security guidance to owners and IT teams.
  • Support the NIST RMF lifecycle, including security categorization and assessments.
  • Develop and maintain security documentation such as SSPs and SARs.
  • Conduct security control assessments and document findings in SARs.
  • Perform continuous monitoring activities, including analyzing security control assessment results.
  • Review vulnerability scan results and coordinate remediation efforts.
  • Liaise with stakeholders for security requirements throughout the system lifecycle.

Benefits

  • Health, dental and vision insurance.
  • 401K with company matching.
  • Flexible spending accounts.
  • Paid holidays.
  • Three weeks paid time off.
Full Job Description
Mid-Level Information Systems Security Officer (ISSO) / Control Evaluator to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust. We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more. Koniag Data Solutions, a Koniag Government Services company, is seeking a skilled Mid-Level Information Systems Security Officer (ISSO) / Control Evaluator to support the U.S. Small Business Administration (SBA). The ideal candidate is an experienced information security professional with a solid foundation in federal information security requirements, security control assessment, and the NIST Risk Management Framework (RMF). This individual will work closely with SBA system owners, the security authorization team, and senior cybersecurity staff to support the security authorization and continuous monitoring of SBA's information systems, ensuring compliance with applicable federal cybersecurity laws, regulations, and standards. The Mid-Level ISSO/Control Evaluator will support the security authorization and continuous monitoring of SBA's information systems, performing security control assessments, maintaining security authorization documentation, and providing day-to-day information security support to system owners and program teams. Principal responsibilities will include but are not limited to: - Serve as the Information Systems Security Officer (ISSO) for assigned SBA information systems, providing day-to-day information security support, guidance, and oversight to system owners, program teams, and IT staff responsible for the operation and maintenance of those systems. - Support the full NIST Risk Management Framework (RMF) lifecycle for assigned systems, including security categorization, security control selection and tailoring, security control implementation review, security control assessment, security authorization package development, and continuous monitoring activities. - Develop, maintain, and update security authorization documentation for assigned systems, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), Risk Assessment Reports (RARs), and other ATO package artifacts in accordance with NIST SP 800-53, NIST SP 800-53A, and SBA security requirements. - Conduct security control assessments and evaluations for assigned systems, applying NIST SP 800-53A assessment procedures to evaluate the design, implementation, and operational effectiveness of security controls, and documenting findings and recommendations in Security Assessment Reports (SARs). - Support the development and maintenance of POA&M items for assigned systems, tracking identified security weaknesses, compliance deficiencies, and audit findings, coordinating with system owners and IT teams on remediation activities, and updating POA&M status on a regular basis. - Perform continuous monitoring activities for assigned systems, including the review and analysis of security control assessment results, vulnerability scan findings, configuration compliance results, and other security-relevant data to assess the ongoing security posture of assigned systems. - Review and analyze vulnerability scan results from tools such as Nessus, Tenable.io, or equivalent platforms for assigned systems, assessing the severity and exploitability of identified vulnerabilities, coordinating remediation activities with system owners, and tracking remediation progress. - Support the preparation and submission of security authorization packages to the Authorizing Official (AO) and Authorizing Official Designated Representative (AODR), ensuring all required documentation is complete, accurate, and meets SBA and federal standards. - Collaborate with system owners, developers, and IT operations teams to ensure security requirements are implemented and maintained throughout the system lifecycle, providing technical guidance on the implementation of NIST SP 800-53 security controls. - Review and assess proposed system changes, configuration changes, and new technology deployments for assigned systems, evaluating potential security impacts and documenting findings and recommendations in accordance with SBA's change management and configuration management processes. - Support incident response activities for assigned systems, coordinating with the SOC and incident response team to ensure timely reporting, documentation, and resolution of security incidents affecting assigned systems. - Develop and maintain system-level security documentation beyond the core ATO package, including configuration management plans, incident response plans, contingency plans, and security awareness training records, ensuring all documentation remains current and accurate. - Assist in preparing for and supporting third-party security assessments, OIG audits, and other external evaluations of assigned systems, coordinating the collection and review of required evidence and supporting documentation. - Provide security guidance and consultation to system owners and program teams on security-related matters affecting assigned systems, including the security implications of proposed changes, new technology adoption, and evolving federal security requirements. - Contribute to the continuous improvement of SBA's security authorization and continuous monitoring program, identifying opportunities to enhance efficiency, documentation quality, and overall security posture across the system portfolio. Education and Experience: Required: - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Assurance, or a related field from an accredited college or university. - 4+ years of progressive experience in information security, with at least 2 years of dedicated experience as an ISSO, security control assessor, or security authorization specialist supporting federal information systems. - Demonstrated experience supporting the NIST RMF process, including the development and maintenance of security authorization documentation (SSPs, SARs, POA&Ms) for federal information systems. - One or more of the following certifications: - Certified Information Systems Security Professional (CISSP) - Certified Authorization Professional (CAP) / ISC2 Certified in Governance, Risk and Compliance (CGRC) - CompTIA Security+ - GIAC Security Essentials (GSEC) - Certified Information Security Manager (CISM) Desired: - Master's degree in Cybersecurity, Information Assurance, Information Technology, or a related field. - 6+ years of information security experience, with a strong background supporting federal civilian agency ISSO and security authorization activities. - Prior experience supporting SBA or other federal civilian agency ISSO or security control assessment programs. Required Skills and Competencies: - Strong communication skills in English - both written and oral - with the ability to clearly communicate security control assessment findings, authorization status, and security recommendations to both technical and non-technical audiences, including system owners, program managers, and senior security leadership. - Solid working knowledge of the NIST Risk Management Framework (RMF) process, including all six steps of the RMF lifecycle (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor) and their application to federal information systems. - Proficiency in developing and maintaining federal security authorization documentation, including SSPs, SARs, POA&Ms, RARs, and other ATO package artifacts, in accordance with NIST SP 800-53, NIST SP 800-53A, and federal agency security requirements. - Working knowledge of NIST SP 800-53 security and privacy controls, including the ability to interpret control requirements, assess control implementation, and document control effectiveness findings in SARs and related assessment artifacts. - Experience conducting security control assessments using NIST SP 800-53A assessment procedures, including the development of security assessment plans (SAPs), execution of assessment activities, and documentation of assessment findings and recommendations. - Familiarity with vulnerability management concepts and tools, including the ability to review and analyze vulnerability scan results from platforms such as Nessus or Tenable.io, assess vulnerability severity and exploitability, and support remediation tracking activities. - Knowledge of federal cybersecurity compliance requirements, including FISMA, OMB Circular A-130, FIPS 199, FIPS 200, and applicable CISA BODs and EDs, and their implications for ISSO responsibilities and security authorization activities. - Experience supporting continuous monitoring activities, including the review and analysis of security-relevant data to assess the ongoing security posture of federal information systems and identify emerging risks and compliance issues. - Ability to review and assess proposed system and configuration changes for security impact, applying sound judgment and federal security requirements to evaluate risk and develop appropriate recommendations. - Familiarity with GRC platforms and tools used for managing RMF documentation, POA&M tracking, and continuous monitoring activities within federal environments, such as CSAM, Archer, or ServiceNow GRC. - Strong organizational skills and attention to detail, with the ability to manage multiple assigned systems and concurrent documentation and assessment activities effectively. - Ability to work collaboratively with diverse stakeholders, including system owners, IT operations teams, developers, and senior security officials, in a fast-paced federal government environment. - Ability to obtain and maintain a Public Trust Clearance. Desired Skills and Competencies: - Prior experience supporting SBA or other federal civilian agency ISSO, security control assessment, or RMF program activities, with demonstrated knowledge of agency-specific security authorization processes and documentation standards. - Experience with cloud security authorization activities, including supporting the RMF process for cloud-hosted systems and familiarity with FedRAMP authorization requirements, continuous monitoring obligations, and cloud security control implementation considerations. - Familiarity with the CDM (Continuous Diagnostics and Mitigation) program tools and data requirements, and their integration into continuous monitoring and security authorization activities for federal information systems. - Knowledge of supply chain risk management (SCRM) concepts and their application to ISSO responsibilities and security authorization activities, including NIST SP 800-161 and applicable OMB guidance. - Experience supporting security authorization activities for systems operating under interconnection agreements, including the development and maintenance of Interconnection Security Agreements (ISAs) and Memoranda of Understanding (MOUs). - Familiarity with DevSecOps principles and practices, and experience supporting security authorization activities for systems developed and deployed using Agile and DevSecOps methodologies. - Knowledge of privacy control requirements and their integration into ISSO responsibilities and security authorization documentation, including NIST SP 800-53 privacy controls and applicable OMB privacy guidance. - Experience using automated security assessment tools and techniques to support security control testing and evidence collection activities, improving the efficiency and quality of security control assessments. - Familiarity with containerized and microservices-based system architectures and their implications for security control implementation and assessment within the RMF context. - GIAC Certified Enterprise Defender (GCED) or GIAC Security Essentials (GSEC) certification. - Experience contributing to the development and improvement of agency-wide security authorization processes, templates, and standards to enhance the consistency and quality of security authorization activities across a federal system portfolio.

About Koniag Government Services

Koniag Government Services Careers

Join the dynamic team at Koniag Government Services, a leader in providing innovative solutions to government clients. This esteemed company offers a plethora of job opportunities that pave the way for professional growth and career advancement in a diverse and inclusive environment.

Explore Career Opportunities

Koniag Government Services is actively hiring and offers a range of positions that cater to various skills and experiences. Whether you're a seasoned professional or a recent graduate, Koniag Government Services provides a platform to enhance your career through meaningful work in a supportive culture.

Innovation and Leadership

At the forefront of innovation, Koniag Government Services encourages its team to lead with creativity and strategic thinking. The company is committed to leadership development and diversity training, ensuring that all team members have the opportunity to excel and contribute to industry-leading projects.

Professional Growth and Development

Koniag Government Services is dedicated to the professional development of its employees. With comprehensive benefits, competitive employment packages, and opportunities for advancement, the company supports its team in achieving their career goals. Networking within the company and industry is encouraged, fostering a community of learning and mutual growth.

Internship Programs

For those starting their career journey, Koniag Government Services offers internship programs that provide real-world experience and a pathway to full-time employment. Interns gain valuable industry knowledge and develop essential skills under the guidance of experienced mentors.

Commitment to Diversity and Inclusion

Diversity is at the core of Koniag Government Services' values. The company is committed to creating an inclusive environment where diverse voices are heard and valued. Diversity training is integral, equipping the team with the tools to thrive in a multicultural setting.

Applying for a Position

To apply for a position at Koniag Government Services, candidates should prepare a resume that highlights relevant experience and skills. The interview process is designed to assess fit both for the role and the company culture, ensuring alignment with the team’s values and objectives.

Stay Connected with Koniag Government Services Careers

Explore the various job opportunities and embark on a path of professional growth and innovation. Koniag Government Services is not just a workplace but a community where careers flourish in an environment of respect, integrity, and continuous learning.

Search Koniag Government Services Jobs

Discover the exciting career opportunities available at Koniag Government Services. Search for open positions that match your skills and interests, and join a team that values curiosity, creativity, and collaboration.

Keep Up to Date

Stay informed with the latest career tips, industry insights, and company updates directly from Koniag Government Services. Engage with content that can transform your professional journey and lead to rewarding opportunities.

Job Alert Emails

Personalize your subscription to receive job alerts and insider tips tailored to your preferences from Koniag Government Services. See what exciting and rewarding opportunities await in the field of government services.
Learn more about Koniag Government Services
Size
501 employees
Industry

Similar Jobs

More Jobs at Koniag Government Services

More Information Technology Jobs

Find similar Mid-Level Information Systems Security Officer (ISSO) / Control Evaluator jobs: