Cloud Information System Security Officer - Public Trust

at MindPoint Group, LLC

Remote, REMOTE
Full Time
8mo ago

Company Description

MindPoint Group delivers industry-leading cybersecurity solutions, services, and products. We are trusted cybersecurity advisors to key government and commercial decision-makers and support security operations for some of the most security-conscious organizations globally. 

Our relationship with you is for the long run because your success is our success. We invest in your success through fantastic benefits (healthcare, generous PTO, paid parental leave, and tuition reimbursement, to name a few). 

Beyond just excellent pay and benefits, you’ll want to work here for reasons that can’t be written into an offer letter—the challenge, growth opportunities, and most important: the culture of a company that cares about you. 

A position at MPG promises you:

  • A diverse organization 
  • A safe workplace with zero tolerance for discrimination or harassment of any kind  
  • A balanced work life. Seriously.  
  • A stable, established, and growing business
  • A leadership team focused on your professional growth and development

Job Description

MindPoint Group is seeking an experienced Information Systems Security Officer (ISSO) to support a federal customer. The ISSO will manage the overall security-related policies, procedures, laws and regulations; create, document and implement various security plans and compliance documents to enforce Information Assurance principles. Systems are deployed using a public cloud service provider to deliver advanced capabilities to the Federal government using IaaS, PaaS, and SaaS service models. The ISSO will:

  • Advise government program managers and stakeholders on security testing methodologies and processes
  • Conduct impact level categorizations for Confidentiality, Integrity, and Availability of the information on a system
  • Conduct implementation statement reviews
  • Create implementation statements
  • Advise on systems alignment with the NIST Cyber Security Framework (CSF)
  • Develop, coordinate, and test Contingency Plans and Incident Response Plans
  • Develop and document incident reporting procedures for service desk, admins, and security staff
  • Review system security documentation to accommodate changes to policy or technology
  • Evaluate certification documentation and provide written recommendations for accreditation to government PMs
  • Assess changes in systems, environment, and operational needs that could affect accreditation
  • Perform system analysis, system audits, system monitoring, security control assessment/testing, risk management, and support incident response
  • Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), and other relevant security documentation for existing and new systems
  • Review proposed change requests related to system design/configuration and perform a security impact analysis (SIA) to provide approval or denial recommendations
  • Implement and manage Security Controls in accordance with the current revision of NIST 800-53
  • Conduct system certification tests, inspections, and reviews that include verification that the features and assurances required for each protection level are in place, and prepare Security Assessment Reports
  • Perform vulnerability/risk assessment analyses to support Assessment & Authorization (A&A) activities
  • Provide continuous monitoring to enforce client security policy and procedures and create processes that provide increased visibility to system owners on impacts on the security posture of systems
  • Develop, maintain, and facilitate the appropriate closure of POA&Ms and any related remediation activities
  • Identify and support system Interconnection Security requirements

Qualifications

  • US Citizenship with the ability to get a Public Trust required
  • Bachelor of Science degree in Information Systems, Computer Engineering, Computer Science, or Cyber Security, or related major; Experience may be substituted for degree requirement
  • Possess or be eligible to be granted a U.S. Public Trust security clearance
  • Security experience with Cloud environments required. AWS experience preferred
  • At least one of the following certifications: CISSP, CCSP, CCSK, CISM, GSLC, CISA, CASP, or equivalent.
  • Strong understanding of FedRAMP and its marketplace
  • At least 5 years of experience working in Information Assurance, with at least 2 years working in an ISSO role
  • Familiarity with the following Security Regulations and/or Frameworks:
    • FISMA.
    • OMB Circular A-130.
    • Privacy Act of 1974.
    • NIST 800 Special Publication Series (e.g., 800-53, 800-53A, 800-37)
    • Federal Risk Authorization and Management Program (FedRAMP).
    • NIST Cybersecurity Framework (CSF).
    • ISO/IEC 27017:2015 Code of Practice for Information Security Controls Based on ISO/IEC 27002 for Cloud Services.
  • Strong communications, problem-solving, and analysis skills
  • Ability to work in remote teams

Additional Information

  • All your information will be kept confidential according to EEO guidelines
  • Equal Opportunity Employer Veterans/Disabled
By: Onkar