Information System Security Officer – Cloud Data Platform

This is a fully remote position, open to applicants in District of Columbia, +1 more state.

📋 Description

• Act as the appointed Information System Security Officer (ISSO) and the main cybersecurity authority for the cloud data platform.

• Oversee all security operations related to the system's Authority to Operate (ATO) and its ongoing authorization process.

• Create, maintain, and revise security documentation including: System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Risk Assessments, Security Assessment Reports (SARs), and Continuous Monitoring artifacts.

• Ensure compliance with: FedRAMP Moderate, FISMA, NIST SP 800-53, NIST SP 800-207 (Zero Trust), and FTC security policies.

• Implement and uphold cloud security measures within Microsoft Azure.

• Design and oversee identity and access management utilizing Microsoft Entra ID and Role-Based Access Control (RBAC).

• Set up and verify encryption for data both at rest and in transit.

• Assist in vulnerability management, planning for remediation, and conducting security assessments.

• Manage monthly continuous monitoring tasks and security metrics reporting.

• Execute annual risk assessments and reviews of security controls.

• Aid in the preparation of privacy documentation such as Privacy Threshold Analyses (PTAs) and Privacy Impact Assessments (PIAs).

• Collaborate closely with the Government Authorizing Official, System Owner, Chief Information Security Officer (CISO), Contracting Officer Representative (COR), and Continuous Assurance teams.

• Assist with incident response, forensic investigations, and analysis of security events.

• Coordinate vulnerability scanning, penetration testing, and activities for remediation.

• Engage in tabletop exercises, disaster recovery planning, and initiatives to enhance cyber resilience.

• Ensure that cloud solutions adhere to FedRAMP authorization boundaries and federal cybersecurity mandates.

• Provide technical advice to cloud architects and engineering teams on secure cloud architecture and execution.

⛳️ Requirements

• At least 5 years of experience in ISSO or cloud cybersecurity roles within federal cloud environments.

• Proven experience in supporting Microsoft Azure cloud environments.

• In-depth knowledge of: Cloud Security, Zero Trust Architecture, Identity and Access Management, RBAC, Encryption technologies, Data Loss Prevention (DLP), Vulnerability Management, and Incident Response.

• Familiarity with supporting: FedRAMP, FISMA, NIST 800-53, Continuous Monitoring, and Risk Management Framework (RMF).

• Experience in developing and managing ATO packages.

• Strong comprehension of cloud security architecture and secure system design principles.

• Exceptional written communication skills, with experience in producing high-level executive security documentation.

• Required Certifications: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), CompTIA Cloud+.

🏝️ Benefits

• Health insurance

• Professional development