Information System Security Officer (ISSO) - Lead

Company: MindPoint Group
Location: Annapolis
Posted on: May 7, 2021

Job Description:

MindPoint Group delivers industry-leading cybersecurity solutions, services, and products. We are the trusted cybersecurity advisors to key government and commercial decision-makers and support security operations for some of the most security-conscious organizations globally. We design and implement innovative security solutions to identify and defend against todays risks and tomorrows attacks. We believe that helping organizations operate from the best security posture possible requires automation. Empowering our employees to excel and providing them with the means to do so enables us to consistently exceed our clients expectations. Unlike many IT consultancies, were not a body shop. Our client engagements are challenging and growth-oriented. Our relationship with you is for the long run because, in this business, your success is our success. Thats why we treat investments in employees as investments in the company itself, which is why we offer fantastic benefits (healthcare, generous PTO, paid maternity and paternity leave, and tuition reimbursement, to name a few). But youll want to work here for reasons that cant be written into an offer letterthe challenge, growth opportunities, and most important: the culture of a company that cares about you. We are an established, profitable, and growing company that promises you the following:

• A diverse organization.
• A safe workplace with zero tolerance for discrimination and harassment of any kind.
• A balanced work life. Seriously.
• Potential of a flexible schedule, depending on the specific customer.
• A leadership team focused on your professional growth and development. This position is contingent upon award. The location will be remote to start due to Covid, but may consider candidates who are open to MD or DC. The Information System Security Officer (ISSO) Lead:
  • Analyze design constraints, analyze trade-offs and detailed system and security design, and consider life cycle support.
  • Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.
  • Assess the effectiveness of cybersecurity measures utilized by system(s).
  • Assess threats to and vulnerabilities of computer system(s) to develop a security risk profile.
  • Build, test, and modify product prototypes using working models or theoretical models.
  • Conduct Privacy Impact Assessments (PIAs) of the applications security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII).
  • Design and develop cybersecurity or cybersecurity-enabled products.
  • Design hardware, operating systems, and software applications to adequately address cybersecurity requirements.
  • Design or integrate appropriate data backup capabilities into overall system designs, and ensure that appropriate technical and procedural processes exist for secure system backups and protected storage of backup data.
  • Develop and direct system testing and validation procedures and documentation.
  • Develop detailed security design documentation for component and interface specifications to support system design and development.
  • Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment.
  • Develop risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components as needed.
  • Develop specific cybersecurity countermeasures and risk mitigation strategies for systems and/or applications.
  • Identify components or elements, allocate security functions to those elements, and describe the relationships between the elements.
  • Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable).
  • Identify and prioritize essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability.
  • Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization's evaluation and validation requirements.
  • Implement security designs for new or existing system(s).
  • Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts).
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
  • Provide guidelines for implementing developed systems to customers or installation teams.
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Store, retrieve, and manipulate data for analysis of system capabilities and requirements.
  • Provide support to security/certification test and evaluation activities.
  • Utilize models and simulations to analyze or predict system performance under different operating conditions.
  • Design and develop key management functions (as related to cybersecurity).
  • Analyze user needs and requirements to plan and conduct system security development.
  • Develop cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information).
  • Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
  • Implement and integrate system development life cycle (SDLC) methodologies (e.g., IBM Rational Unified Process) into development environment.
  • Employ configuration management processes.
  • Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies.
  • Design, develop, integrate, and update system security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.
  • Design to security requirements to ensure requirements are met for all systems and/or applications.
  • Develop mitigation strategies to address cost, schedule, performance, and security risks.
  • Perform an information security risk assessment.
  • Perform security reviews and identify security gaps in architecture.
  • Provide input to implementation plans and standard operating procedures as they relate to information systems security.
  • Trace system requirements to design components and perform gap analysis.
  • Verify stability, interoperability, portability, and/or scalability of system architecture.
  • Active Secret clearance required
  • Master's degree or PHD preferred, experience may be considered in lieu of degree
  • 7-10-years of experience in Cybersecurity Assurance
  • Certified Information Systems Security Professional (CISSP) required in order to assist the agency with its ISSO practices
  • Some travel may be required depending on the project
  • All your information will be kept confidential according to EEO guidelines
  • Equal Opportunity Employer Veterans/Disabled

Keywords: MindPoint Group, Baltimore , Information System Security Officer (ISSO) - Lead, Other , Annapolis, Maryland