Credence Management Solutions, LLC (Credence) is seeking a seasoned Information System Security Officer (ISSO) to provide IT professional support for Information System and Security Officer (ISSO) and Security Control Assessment (SCA) activities, working with United States Marshals Service (USMS) system owners and other operations and maintenance (O&M) staff to ensure compliance with DOJ security requirements and standards for the USMS P30 system.

The ISSO support will include developing and maintaining an IT System Security Compliance Schedule covering 12-month intervals that capture POA&M Action Items, required ITSS reports/updates, Change Control Board Meetings, Scheduled Vulnerability Scans, and Updates to System IT Security Documentation. Support includes the following:

• Trains (informally) in group and one-on-one sessions; RMF, Cybersecurity Asset Management (CSAM) Security Technical Implementation Guides (STIGs), STIG viewer, and Security Center scanning.
• Provides direction and guidance to users involved in computer incidents (e.g., data spills, privacy spills, and malicious code); serve as liaison between user(s), and Incident Response Teams.
• Advises the systems owner on the security posture of their systems.
• Performs assessment and authorization (A&A) activities on classified and unclassified networks in accordance with the DOJ/NIST Risk Management Framework (RMF).
• Develops and update artifacts for all control families (Security Categorization, SSP, Contingency Planning, Incident Response, Configuration Management, etc.).
• Performs compliance assessment reviews, tracking, and continuous monitoring of multiple networks, systems, and applications.
• Advises stakeholders throughout the entire lifecycle of the A&A process to include the development of Systems Security Plans (SSP).
• Performs System Categorization in accordance with FIPS-199 and CNSS 1253.
• Performs security control assessments in accordance with NIST 800-53A.
• Develops/edits/reviews Security Assessment Plans using CSAM.
• Performs risk analysis and prepares reports on networks, facilities and systems.
• Reviews, creates and validates Security Assessment Reports.
• Develops and maintain the Plan of Action and Milestones (POA&M) statements, and support remediation activities through their lifecycle.
• Supports Incident Response and Contingency activities.
• Performs security impact analysis on all configuration change requests.
• Reviews information in support of DOJ OCIO review for FISMA inventory

• 
  Top Secret (TS) security clearance is required.
• Bachelor’s degree or significant equivalent experience is required.
• Eight (8) years of IT Security experience with extensive knowledge in security regulations, Risk Management Framework, and security assessments having developed numerous security C&A (or SA&A) and ATO on a range of systems including classified systems.
• Must possess either CISSP, CISA, or CISM
• Must be able to function resourcefully and independently and work with a diverse team of IA/cybersecurity practitioners
• Strong written and verbal communication skills required.
• Experience working within DOJ Offices, Boards, and Divisions (OBDs), with an understanding of unique organizational security policies and security controls implementations within specific IT environments is desired.