Senior Information Systems Security Officer (ISSO)

**Overview:** The Senior Information Systems Security Officer (ISSO) will work directly with the Maximus Federal Business Information Security Officer (BISO) to identify and manage implementation of security policies, standards, and procedures that support federal customers with federal requirements to include FISMA, applicable FAR and DFAR Clauses, Executive Orders, and OMB's applicable to IL5 Cloud Environments. **Responsibilities:**

• Performs application vulnerability assessments to identify application vulnerabilities
• Performs network vulnerability assessments to identify host vulnerabilities
• Identifies, analyzes, and prioritizes vulnerability findings
• Analyzes system configurations to identify possible security gaps and/or compliance violations
• Establishes collaborative working relationships with internal resources to provide security assessments, reports, and recommendations
• Performs other related duties as assigned
• Creates and manages System Security Plan and creation and/or validation of all associated artifacts required to obtain DISA IL5 certification as well as NIST 800-53 compliance
• Liaisons with Maximus Federal business units, Maximus Corporate business units, and external stakeholders to ensure all legal and contractual requirements pertaining to cybersecurity, physical security, and Information Assurance are being met
• Communicates federal requirements to Maximus Information Security Office (ISO) and advises implementation of applicable security controls and hardening standards to governance and technical teams
• Assists the BISO and ISO Team in the identification and assignment of control owners throughout the organization and continually reviews controls on organizationally defined periodicities
• Actively collaborates with Maximus Threat and Vulnerability Management (TVM) Team to ensure applicable technologies are compliant with defined remediation timelines and hardening standards via enterprise vulnerability management tools
• *Qualifications:**
• Bachelor's Degree
• 7-10 years of security or technology related experience
• Professional certifications, such as Security+, CEH, or CISSP, desirable
• Knowledge of IPv4 network architecture and core services
• Knowledge of web application development and architecture
• Knowledge of network security controls
• Knowledge of vulnerability management
• Experience with dynamic application security testing (DAST) tools and vulnerability management (VM) tools
• Familiarity with OWASP Top 10, WASC Threat Classification, and CVE
• Familiarity with NIST SP 800-53
• Experience with automated service ticketing systems
• Excellent analytical, decision-making, and problem-solving skills
• Ability to communicate technical information in understandable business terms
• Excellent interpersonal skills, presentation skills, and verbal/written communication skills
• Strong customer service abilities required
• Ability to work collaboratively with a broad range of staff
• Skilled in Microsoft Office software including Word, Excel, Visio, MS Project, and PowerPoint
• *Benefits:**
• Annual salary between $108,375.00 and $146,625.00
• Comprehensive benefits package including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off
• Opportunity to work on complex issues and develop solutions to a variety of complex problems
• Collaborative and dynamic work environment
• Ongoing training and professional development opportunities
• Ability to work from home and flexible work arrangements available