Job Description

Position Overview

• Location Type: [Not specified]
• Employment Type: Full-Time
• Salary: [Not specified]

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that said outcomes begin and end with our people, and that is what we have built, a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top tier services to our customers. In 2023, True Zero was recognized as a “Best Places to Work” in two categories ("Prosperous and Thriving" ($5MM – $50MM in gross revenue) and "Mid-Atlantic Region" (DC, DE, MD, NC, VA, WV)) and in 2022, was recognized as one of Inc. Magazine’s Top 5000 Fastest Growing Companies.

The Information System Security Officer (ISSO) serves as the principal advisor to the Information System Owner (ISO), Business Process Owner, and the Chief Information Security Officer (CISO) / Information System Security Manager (ISSM) on all matters, technical and otherwise, involving the security of their assigned information system(s).

Responsibilities

• Maintaining the overarching operational security posture and managing the day-to-day security operations of your assigned Information System (IS).
• Developing, reviewing, and maintaining security and authorization documentation, including:
  • System Security Plans (SSPs)
  • Risk Assessment Reports
  • Certification and Accreditation (C&A) packages
  • System Requirements Traceability Matrices (SRTMs)
• Performing vulnerability/risk assessment analyses to support assessment and authorization (A&A).
• Ensuring the implementation and maintenance of security controls in accordance with the SSP and the organization's security policies, standards, and procedures.
• Supporting security authorization activities in compliance with National Institute of Standards and Technology Risk Management Framework (NIST RMF).
• Providing configuration management (CM) for IS security software, hardware, and firmware, and leading Change Control Board (CCB) meetings.
• Providing guidance and security expertise to program leadership.

Requirements

• Experience with and knowledge of Federal DevSecOps frameworks and processes.
• Experience with IS accreditors, policies, and procedures to support Authority to Operate (ATO)/Authority to Connect (ATC) decision making and operational practices.
• Experience with RMF, NIST SP 800-53, Security Technical Implementation Guides (STIGs), and/or Security Content Automation Protocol (SCAP) Compliance Checker.
• Knowledge of and experience leading the A&A process.
• Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• Experience in preparing detailed SSPs to achieve ATO objectives.
• Knowledge of new and emerging IT and cybersecurity technologies.

Application Instructions

• [Not specified]

Company Information

True Zero Technologies is a veteran-owned small business recognized for its growth and commitment to employee satisfaction. They were recognized as a “Best Places to Work” in 2023 and as one of Inc. Magazine’s Top 5000 Fastest Growing Companies in 2022.