Information System Security Officer (ISSO) - Lead
Company: MindPoint Group
Posted on: May 7, 2021
MindPoint Group delivers industry-leading cybersecurity
solutions, services, and products. We are the trusted cybersecurity
advisors to key government and commercial decision-makers and
support security operations for some of the most security-conscious
organizations globally. We design and implement innovative security
solutions to identify and defend against today's risks and tomorrow's
attacks. We believe that helping organizations operate from the
best security posture possible requires automation. Empowering our
employees to excel and providing them with the means to do so
enables us to consistently exceed our clients' expectations. Unlike
many IT consultancies, we're not a body shop. Our client engagements
are challenging and growth-oriented. Our relationship with you is
for the long run because, in this business, your success is our
success. That's why we treat investments in employees as investments
in the company itself, which is why we offer fantastic benefits
(healthcare, generous PTO, paid maternity and paternity leave, and
tuition reimbursement, to name a few). But you'll want to work here
for reasons that can't be written into an offer letter: the challenge,
growth opportunities, and, most important, the culture of a company
that cares about you. We are an established, profitable, and
growing company that promises you the following:
- A diverse organization.
- A safe workplace with zero tolerance for discrimination and
harassment of any kind.
- A balanced work life. Seriously.
- Potential of a flexible schedule, depending on the specific
- A leadership team focused on your professional growth and
development.

This position is contingent upon award. The location
will be remote to start due to Covid, but may consider candidates
who are open to MD or DC. The Information System Security Officer
- Analyze design constraints, analyze trade-offs and detailed
system and security design, and consider life cycle support.
- Apply security policies to applications that interface with one
another, such as Business-to-Business (B2B) applications.
- Assess the effectiveness of cybersecurity measures utilized by
- Assess threats to and vulnerabilities of computer system(s) to
develop a security risk profile.
- Build, test, and modify product prototypes using working models
or theoretical models.
- Conduct Privacy Impact Assessments (PIAs) of the application's
security design for the appropriate security controls, which
protect the confidentiality and integrity of Personally
Identifiable Information (PII).
- Design and develop cybersecurity or cybersecurity-enabled
- Design hardware, operating systems, and software applications
to adequately address cybersecurity requirements.
- Design or integrate appropriate data backup capabilities into
overall system designs, and ensure that appropriate technical and
procedural processes exist for secure system backups and protected
storage of backup data.
- Develop and direct system testing and validation procedures and
- Develop detailed security design documentation for component
and interface specifications to support system design and
- Develop Disaster Recovery and Continuity of Operations plans
for systems under development and ensure testing prior to systems
entering a production environment.
- Develop risk mitigation strategies to resolve vulnerabilities
and recommend security changes to system or system components as
- Develop specific cybersecurity countermeasures and risk
mitigation strategies for systems and/or applications.
- Identify components or elements, allocate security functions to
those elements, and describe the relationships between the
- Identify and direct the remediation of technical problems
encountered during testing and implementation of new systems (e.g.,
identify and find work-arounds for communication protocols that are
- Identify and prioritize essential system functions or
sub-systems required to support essential capabilities or business
functions for restoration or recovery after a system failure or
during a system recovery event based on overall system requirements
for continuity and availability.
- Identify, assess, and recommend cybersecurity or
cybersecurity-enabled products for use within a system and ensure
that recommended products are in compliance with organization's
evaluation and validation requirements.
- Implement security designs for new or existing system(s).
- Incorporate cybersecurity vulnerability solutions into system
designs (e.g., Cybersecurity Vulnerability Alerts).
- Perform risk analysis (e.g., threat, vulnerability, and
probability of occurrence) whenever an application or system
undergoes a major change.
- Provide guidelines for implementing developed systems to
customers or installation teams.
- Provide input to the Risk Management Framework process
activities and related documentation (e.g., system life-cycle
support plans, concept of operations, operational procedures, and
maintenance training materials).
- Store, retrieve, and manipulate data for analysis of system
capabilities and requirements.
- Provide support to security/certification test and evaluation
- Utilize models and simulations to analyze or predict system
performance under different operating conditions.
- Design and develop key management functions (as related to
- Analyze user needs and requirements to plan and conduct system
- Develop cybersecurity designs to meet specific operational
needs and environmental factors (e.g., access controls, automated
applications, networked operations, high integrity and availability
requirements, multilevel security/processing of multiple
classification levels, and processing Sensitive Compartmented
- Ensure that security design and cybersecurity development
activities are properly documented (providing a functional
description of security implementation) and updated as
- Implement and integrate system development life cycle (SDLC)
methodologies (e.g., IBM Rational Unified Process) into development
- Employ configuration management processes.
- Design, implement, test, and evaluate secure interfaces between
information systems, physical systems, and/or embedded
- Design, develop, integrate, and update system security measures
that provide confidentiality, integrity, availability,
authentication, and non-repudiation.
- Design to security requirements to ensure requirements are met
for all systems and/or applications.
- Develop mitigation strategies to address cost, schedule,
performance, and security risks.
- Perform an information security risk assessment.
- Perform security reviews and identify security gaps in
- Provide input to implementation plans and standard operating
procedures as they relate to information systems security.
- Trace system requirements to design components and perform gap
- Verify stability, interoperability, portability, and/or
scalability of system architecture.
- Active Secret clearance required
- Master's degree or PhD preferred, experience may be considered
in lieu of degree
- 7-10 years of experience in Cybersecurity Assurance
- Certified Information Systems Security Professional (CISSP)
required in order to assist the agency with its ISSO practices
- Some travel may be required depending on the project
- All your information will be kept confidential according to EEO
- Equal Opportunity Employer Veterans/Disabled
Keywords: MindPoint Group, Baltimore, Information System Security Officer (ISSO) - Lead, Other, Annapolis, Maryland