Information Systems Security Officer (ISSO)

Back

Information Systems Security Officer (ISSO)

@ CGI

Position Description:

  • This is a rare opportunity to join a fast-growing team of information security experts as we transform, enhance, and expand the security program for one of the largest information technology providers in the world.
  • You will support Federal Solutions Group supporting governance, risk, and compliance consulting services as well as security service delivery across one or more US-based industries.
  • The successful candidate will have a broad knowledge of current security practices as well as the ability to identify and apply legal, regulatory, and industry-specific security requirements.
  • You will help our clients define and deploy effective security solutions and strategies while addressing ever-changing regulatory and industry compliance challenges.
  • You must be able to collaborate with a variety of technical and management disciplines including infrastructure and security architecture, security operations, application development, project managers, product owners, and others.
  • This position can be located at any CGI office in the U.S, preferred location is Knoxville, Tn; however, a hybrid working model is acceptable.


Your future duties and responsibilities:

  • The responsibilities of the Information Systems Security Officer include, but are not limited to:
  • Support the Information System Security Manager in providing and maintaining the below:
  • Maintain operational security posture for an information system or program to ensure information systems security design, implementation, management and review of policies, standards, baselines, procedures, and guidelines are established and followed. Understand the business functions to help ensure business is conducted as securely as possible.
  • Create and review documentation to support Systems Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and Client Responsibility Matrix (CRM)
  • Identify, manage and monitor POA&Ms, assisting Business Units or Clients in improving the quality and effectiveness of their POAMs. Provide guidance through remediation as well as develop corrective action plans for each POA&Ms.
  • Provide continuous monitoring and event-driven monitoring management services to include running adhoc or on demand scanning of project teams environment. Identify assets and associated vulnerabilities and provide recommendations for remediation. Ensure audit records and event logs are collected, reviewed, and documented (to include any anomalies) Document security breaches and assess their damage.
  • Provide configuration management (CM) for information system security software, hardware, and firmware; manage changes to system and assess the security impact of those changes.
  • Work with multiple teams and client project team members and establish and maintain a strong customer-focused working relationship. Assist the System Owner operate the system as securely as possible to fulfill mission requirements.
  • Establish and maintain regular written and in-person communications with the organization's executives, department heads and end users regarding pertinent security activities.
  • Keep up to date with developments in IT



Qualifications:

Required qualifications to be successful in this role:

  • High School Diploma and four (4) years of relevant experience
  • Cyber Information Security Analysis
  • Experience with FedRAMP and NIST compliance
  • Experience with cloud security for Google, and Azure environments
  • Experience with web application scanning tools and translating results into actionable tasks
  • Experience with network architecture concepts, common ports and protocols, and network monitoring tools
  • Experience with writing clear and concise technical documents specifically policies, processes, and procedural documentation
  • Experience with Cloud Native Security Tool
  • Experience with container security tools
  • Organizational skills and the ability to work autonomously or under supervision with attention to detail and processes
  • Experience with NIST 800-53 Rev 5 Agency ATO process and documentation
  • Direct experience with certification and accreditation techniques and methodologies


Desired qualifications/non-essential skills required:

  • Security+, Project+, or another Cybersecurity Industry Certification


Skills:

  • IT Security
  • Computer Security
  • Security Architecture


How to Apply:

Apply online at https://cgi.jobs/locations/lafayette-la/jobs/ 

Visit Site to Apply

Location: Lafayette, LA
Date Posted: March 12, 2025
Application Deadline: April 11, 2025
Job Type: Full-time