Senior Info Systems Security Officer

- Develop, implement, and sustain IT security controls in line with NIST SP 800-53, RMF, and agency security regulations. - Aid in the preparation, evaluation, and submission of Security Authorization packages, including the System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M). - Coordinate and organize systems for Security Control Assessments (SCA), ensuring the completeness and accuracy of all documentation. - Perform and document Security Impact Analyses (SIAs) for updates to hardware, software, cloud infrastructure, or connectivity. - Engage in configuration and change control processes, ensuring secure baselines are upheld and accurately documented. - Assist in the categorization of systems and review asset inventories to apply appropriate control baselines. - Evaluate the effectiveness of control implementations and identify deficiencies for remediation or risk acceptance. - Document business justifications and mitigation strategies for risk acceptance submissions for Authorizing Officials. - Support Continuous Monitoring by examining security alerts, system changes, and compliance evidence to confirm ongoing authorization. - Contribute to creating, updating, and enforcing security policies, procedures, and technical guidelines. - Participate in internal IT governance activities, including handling exceptions, reviewing standards, and processing control waivers. - Support compliance with security awareness and training for personnel with system access. - Monitor emerging threats and suggest adaptive security measures in response to changes in the risk environment. - Prepare high-quality technical documentation, status reports, and risk briefings for internal and external stakeholders.