Information Systems Security Officer

Back

Information Systems Security Officer

@ CGI

Position Description:

  • The Information Systems Security Officer (ISSO) must hold a nationally recognized security certification (e.g. CISSP, CCSP, CSSLP) and have a minimum of five years of experience equivalent to performing the duties of an ISSO.


Your future duties and responsibilities:

  • Function as System Owner’s IT security expert.
  • Advise the system owner (SO) regarding security considerations in applications systems procurement or development, implementation, operation and maintenance, and disposal activities (i.e., life cycle management). Reports any possible weakness/vulnerability to the SO
  • Assist in the determination of an appropriate level of security commensurate with the level of sensitivity. Coordinate with all stakeholders to ensure that the major application maintains confidentiality, integrity and availability.
  • Assist in the development and maintenance of security and contingency plans.
  • Participate in security impact analysis to periodically re-evaluate sensitivity of the system, risks, and mitigation strategies.
  • Participate in security impact analysis of system safeguards and program elements and in authorization and assessment (A&A) of the system for continuous monitoring.
  • Meet routinely with the SO to review POA&M (Plan of Actions and Milestones) status.
    • Generate draft POA&Ms as needed
    • Keep Management abreast of any POA&M issues that affect completion dates
    • Issue WCVFs (Weakness Completion Verification Form) to officially close out POA&Ms
  • Ensure that the system documentation in CSAM is current including but not limited to:
  • Act as the point of contact (POC) for all security incidents and the Computer Incident Response Team (CIRT)
  • Handle and investigate incidents in cooperation with, and under direction of, the SO and CIRT.
  • Provide oversight of vulnerability scanning and assist in penetration testing of systems/networks.
  • Ensure all user accounts are disabled within 24 hours of notification of user’s separation and immediately for individuals being separated for adverse reasons.
  • Monitor and review security policy, practices, and procedures.
  • Enforce the security of all interfaces with external systems, develop and maintain interconnection documentation (ISA, SLA, MOU, and MOA).
  • Responsible for maintaining a security certification as specified by policy.
  • Responsible for taking annual role-based security training commensurate with the role and keeping security knowledge current.
  • Act as system Security representative in all meetings including but not limited to:
    • CMB (Change Management Board)
    • Briefings
    • Development and Operations Meetings
    • Development elaborations and sprints
  • Support the CDM (Continuous Detection and Mitigation) Program
    • Ensure that CDM metrics are properly collected
    • Update CDM documentation as required
    • Coordinate CDM Data Calls
    • Verify that the systems Control Allocation Table and Trigger Logs are kept up to date.
  • Participates in the Authority to Deploy (ATD) process
    • Verify that deployments do not present unmanageable risks to BSEE.
    • Review all scans
    • Work with developers and administrators to address mitigation of findings
    • Verify that the ATD form is accurately completed.
    • Approve deployment of any hardware/application that is shown to be low or no risk.
    • Verify that development meets appropriate NIST SP800-53 controls.


Qualifications:

Required qualifications to be successful in this role:

  • The ISSO must possess experience in managing security operations of a large complex Federal Government IT system.
  • Hold a nationally recognized security certification (e.g. CISSP, CCSP, CSSLP)
  • Minimum of five years of experience equivalent to performing the duties of an ISSO.
  • Strong understanding of project management principles and practices
  • Strong understanding of Helpdesk and Customer Relations Support systems


Desired qualifications

  • Experience with Oracle technologies including ADF, Web Logic, Forms and Reports, and APEX.
  • Experience with Atlassian tools: Confluence, Jira, Git
  • Project Manager Professional (PMP) Certification
  • Information Technology Infrastructure Library (ITIL) Certification


Minimum Years of directly related experience Required: 10

Minimum Education Required: Bachelors Degree


How to Apply:

Apply online at https://www.cgi.com/en/careers

Visit Site to Apply

Location: Lafayette, LA
Date Posted: September 07, 2022
Application Deadline: November 07, 2022
Job Type: Full-time