Description

Leidos is seeking an experienced Information Security Compliance Officer (ISCO) to take charge of managing authorizations and risks associated with the processing, storage, and transmission of sensitive information across various programs within the Dissemination Task Order on the FS2 Program. This role is critical in ensuring adherence to both regulatory requirements and security best practices, leading security assessment initiatives, collaborating with management organizations, and enforcing compliance across all systems.
The ISCO will play a vital role in developing and delivering training for end-users and program staff, ensuring they understand and follow proper security practices. The position includes conducting comprehensive security and risk assessments utilizing various accreditation frameworks, including NIST, RMF, and ICDs, to effectively mitigate risks and maintain operational integrity.
Primary Responsibilities:
- Design and implement risk mitigation strategies to enhance project effectiveness and operational performance.
- Quickly update and maintain security documentation, including System Security Plans and POA&Ms.
- Maintain and oversee system security plans using tools like ServiceNow and XACTA-360.
- Drive necessary security changes through review boards and steering groups to meet Risk Management milestones.
- Work independently and collaboratively to advance security process improvements and address customer security requirements.
- Engage with teams to execute secure software and hardware processes that adhere to government standards.
- Tackle complex security challenges with advanced technical knowledge and problem-solving skills.
- Communicate effectively with internal leadership regarding significant security matters.
- Apply deep understanding of information security principles across a variety of programs.
- Develop and maintain security documentation compliant with NGA and NIST standards.
- Coordinate all Assessment and Authorization activities with NGA Designated Authorization Officials.
- Respond to cybersecurity directives, ensuring adherence to NGA operational processes.
- Assess the effectiveness of security implementations against known vulnerabilities.
- Conduct security audits and track remediation efforts through POA&Ms.
- Collaborate with System Administrators to remediate vulnerabilities and manage reporting processes.
- Update Security CONOPS and IT Disaster Recovery plans regularly.
- Oversee security profiles for systems undergoing Assessment and Authorization.
- Collaborate across teams to develop and maintain security plans and documentation.
- Keep accurate records of program IT systems, upgrades, and configuration changes.
- Evaluate security solutions and maintain operational security posture for IT systems.
- Provide user training and manage access controls within information systems.
Basic Qualifications:
- U.S. citizenship required.
- Bachelor's degree and 12+ years of relevant experience.
- Must possess TS/SCI clearance with the ability to obtain a CI Poly.
- Sec+ certification or higher is required.
- Experience with NGA operations is preferred.
- Familiarity with ICD-503 and NIST risk management frameworks is essential.
- Experience with tools such as XACTA, HBSS, ACAS, Nessus, and Splunk is desirable.
Preferred Qualifications:
- 3+ years of experience in vulnerability analysis using Nessus or similar tools.
- Experience within the Intelligence Community is preferred.
This position requires a proactive approach to enhancing security practices and ensuring compliance across multiple programs. If you are passionate about information security and have the qualifications, we encourage you to apply.