M+E Technology Job Board

Information System Security Officer

  • Full Time
  • Raleigh, NC
  • Applications have closed

DXC Technology

DXC Technology has an immediate need in our US Public Sector group for an Information System Security Officer in Raleigh, NC and Eagan, MN.
The ISSO operates as a trusted advisor in the organization, working with client management and focusing specifically on the security environment in relation to client business objectives. The ISSO helps to understand operational issues and plans the next steps in collaboration with Account ASOs from an information security viewpoint.
  • Demonstrate industry expertise and understanding of security governance and compliance. 
  • Ability to interact and influence at an organizational level to carry out governance, risk and compliance activities.
  • Responsible for completing Governance, Risk and Compliance (GRC) functions that entail security control implementation, continuous monitoring and federal Assessment and Authorization (A&A) activities within the US Postal Service.
  • Work closely with the client to ensure operational security measures are implemented.
  • Assess and mitigate system security risks; determine and analyze security requirements for implementation and testing.
  • Review and continuously monitor implemented security controls.
  • Create and maintain security checklists, templates and other tools to aid in the A&A process.
  • Perform security control assessment using NIST 800-53A guidance, as per continuous monitoring requirements.
  • Perform risk analyses to determine and recommend essential safeguards.
  • Proactively mitigate system vulnerabilities and recommend compensating controls.
  • Prepare security authorization packages in accordance with client contractual requirements.
  • Develop core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
  • Maintain client-specific Plan of Action and Milestones and support remediation activities.
  • Maintain an inventory of hardware and software for the information system.
  • Develop, test and train on Contingency and Incident Response planning.
  • Conduct independent scans of applications, networks, and databases, and utilize Managed Security Services Vulnerability Assessment Team (VAT) support as applicable.
Required:
 
  • Bachelor’s or Master’s degree in Computer Science, Computer Studies, Information Security (or equivalent combination of education and experience)
  • 5-7 years’ experience working in a risk management, audit, security or technical delivery role.
  • Knowledge of security countermeasures and overall RMF and NIST compliance regulations.
  • Ability to work effectively in diverse, multi-national and virtual environments.
  • Self-motivated and tenacious.
  • Demonstrate sound judgment and integrity.
  • Excellent and effective communication skills and fluency in English.
 
Preferred Skills:
  • Experience in overall Security Risk and Compliance initiatives.
  • CISSP, CISM/CISA or CRISC a plus.