Information Systems Security Officer ISSO (Jr./Mid) - U.S. Citizenship Required

Position Description :

CGI is one of the top 5 largest global IT companies spread across 40 countries with endless opportunities to expand and grow.

As a CGI Federal Member, you have the opportunity to be a shareholder at CGI and join a family of 90, members strong.

CGI Federal is hiring a Mid and Junior-Level Information System Security Officers (ISSO) for FIPS moderate to high impact Cloud systems (IaaS, PaaS or SaaS) to work with a skilled and motivated team of professionals on a high-visibility Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) cyber security program.

You will support a dynamic, fast-paced project focused on improving the cyber security posture of civilian government agencies through the implementation and enhancement of a cybersecurity platform, providing integration service and developing, securing and maintaining cybersecurity dashboards.

You will work closely with a variety of agency stakeholders, supporting their mission, priorities, organization and unique challenges.

You will also support the development of additional cyber security offerings focused on next generation security solutions and technologies.

The successful candidate for this position is a motivated individual, a self-starter who works effectively in a dynamic environment.

This is a great opportunity with room to grow both on the program and within CGI Federal!

This position is located in our Fairfax, VA office; however a hybrid working model is acceptable. You will be required to be in our Fairfax, VA office two days per week.

Your future duties and responsibilities :

• Specific duties include the operation of a continuous monitoring program, developing, updating and maintaining system security documentation and implementing security policies and procedures to support continuous monitoring.
• Participate in the SDLC to integrate NIST -37 Risk Management Framework (RMF) activities into appropriate phases.
• Integrate security within configuration management (CM) and different system development life cycle (SDLC) processes (Waterfall, Agile, DevSecOps).
• Support the NIST -37 RMF and associated processes as well as ITIL guidelines for achieving and maintaining systems’ authority to operate (ATO).
• Implement policy and processes into continuous monitoring to maintain the system ATO.
• Conduct vulnerability scans, update and manage plan of action and milestones (POA&Ms).
• Coordinate security remediation activities, schedules and milestones with stakeholders, establish risk and mitigation strategies and communicate status.
• Update and maintain systems security documentation.
• Conduct risk and vulnerability assessments on changes to the system architecture.
• Participate in change authorization boards (CAB) and provide analysis and recommendations based on the change affecting the security posture of the system.

Required qualifications to be successful in this role :

Due to the nature of the government contract requirements and / or clearance requirements, US citizenship is required as well as successful passing of CGI background check prior to beginning work.

In addition, candidates must have the ability to obtain and maintain a DHS CISA EOD / Public Trust clearance.

• Bachelor’s degree and 0-5 years of experience working on cybersecurity teams for enterprise cybersecurity shared services programs or Cloud programs.
• Continuous monitoring experience with moderate and high impact systems.
• Working knowledge of the following National Institute of Standards and Technology (NIST) Special Publications series (listed in priority) :

o -37 (Risk Management Framework)

o -53 (Security & Privacy Controls)

o -18 (System Security Plans)

o -30 (Risk Assessment)

o - (Continuous Monitoring)

o Federal Processing Standards (FIPS), especially (Security Categorization).

If no experience with NIST, then working knowledge of Department of Defense (DoD) Information Technology Security Certification and Accreditation Process (DITSCAP) or the new DoD information assurance policy .

1 and the risk management framework

• If no experience with NIST and DITSCAP, then working knowledge of NSA Information Assurance Process.
• Experience with vulnerability management and security auditing tools, such as Tenable or similar tools.
• Update and maintenance of plan of action and milestones (POA&Ms).
• Demonstrate understanding of IT security principles, concepts, policy and regulations.
• Demonstrate ability to effectively document security controls.
• Proficient with Microsoft Word, Excel and Microsoft Project.

Desired qualifications

• Technical / development background.
• Experience with Federal Risk and Authorization Management (FedRAMP) Cloud related projects.
• Experience with DevSecOps as an ISSO or Security Tester.
• CISSP, CGRC (previously CAP), CCSP, CRISC, CISM, CEH or other relevant certifications.
• Experience with CISA’s Continuous Diagnostics and Mitigation (CDM) program.

CGI is required by law in some jurisdictions to include a reasonable estimate of the compensation range for this role. The determination of this range includes various factors not limited to skill set, level, experience, relevant training, and licensure and certifications.

To support the ability to reward for merit-based performance, CGI typically does not hire individuals at or near the top of the range for their role.

Compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range for this role in the U.S. is $67, - $,.

CGIFederalJob

LI-MC3

DHSCareers

Skills :

• Information Assurance
• NIST
• Technical Writing
30+ days ago