Description
We are seeking a highly experienced Enterprise Information System Security Officer (ISSO) to directly perform Risk Management Framework (RMF) efforts in support of HQ NORAD-NORTHCOM (N&NC) on the NITES program. The ideal candidate will possess deep expertise in IT security Governance, Risk management, and Compliance, with a proven track record of successfully using eMASS and adhering to DoD RMF standards, including NIST SP 800-37.
Key Responsibilities:
- Lead and oversee RMF activities to support the acquisition and maintenance of Authorities to Operate (ATO) for systems and enclaves.
- Assess systems against Security Technical Implementation Guides (STIGs) and recommend the compliance actions needed to uphold Confidentiality, Integrity, and Availability (the CIA triad).
- Develop and maintain comprehensive ATO package documentation in compliance with RMF and Assessment and Authorization (A&A) requirements.
- Guide the implementation of security and privacy controls outlined in NIST SP 800-53, ensuring alignment with organizational policies.
- Ensure new systems comply with NIST SP 800-53 Rev 5 and integrate security best practices throughout the system lifecycle.
- Support the RMF Continuous Monitoring Plan to uphold ongoing authorization requirements and facilitate effective STIG remediation efforts.
- Provide essential artifacts and documentation to secure ISSM/government approvals for Plans of Action and Milestones (POA&Ms).
- Collaborate with cross-functional teams to assess and mitigate risks associated with information security, ensuring proactive risk management.
- Conduct regular audits and assessments to verify compliance with established security policies and standards.
- Stay abreast of cybersecurity threats and trends, integrating relevant findings into risk management strategies and practices.
- Be prepared to brief the significance of security findings, mitigations, and recommendations so that the CIA triad remains appropriately balanced.
- Mentor junior team members on RMF processes and security best practices.
Qualifications
Required Qualifications:
- Active DoD Top Secret Clearance
- Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a similar field with 5 years of experience, or additional experience in lieu of a degree.
- Relevant DoD IAT Level II certification(s): CCNA Security, GSEC, Security+ CE, CySA+, SSCP, CASP+ CE, etc.
- At least 5 years of experience with NIST SP 800-53 security controls, with a strong focus on direct RMF and legacy Certification and Accreditation (C&A) processing.
- Experience with the continuous monitoring of system security controls.
- Prior experience using eMASS for risk management and compliance documentation.
- Demonstrated expertise in IT Security Governance, Risk, and Compliance frameworks.
- Strong analytical, problem-solving, and communication skills.
- Able to constructively interface with other IA team members, other security disciplines (Security Operations), program personnel and government security representatives.
Desired Qualifications:
- Advanced degree in Cybersecurity, Information Technology, or a related field.
- Advanced cybersecurity certification such as CISSP, CISM, or CRISC.
- In-depth knowledge of DoD RMF standards and NIST SP 800-37, NIST SP 800-53 Rev 5.
- Experience in enhancing RMF operations and applications to automate Assessment and Authorization (A&A).
- Experience with the development of core documentation including System Security Plans, Standard Operating Procedures, Plans of Action and Milestones (POA&Ms), Remediation Plans, and Configuration Management Plans.
- Strong analytical skills with a demonstrated ability to interpret vulnerability data and develop mitigation strategies.
- Understanding of Assured Compliance Assessment Solution (ACAS) results.
- Excellent problem-solving and communication skills, with the ability to work collaboratively in a team environment.
Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC accepts applications on an ongoing basis and there is no deadline.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.