Steampunk is searching for an ISSO Project Manager/Team Lead to support a government customer in Washington, DC. The primary responsibilities for the position are to support all activities that ensure and enforce quality assurance of security authorization documentation, submittal of security authorization documentation to the appropriate approval authorities, scheduling artifact delivery from the ISSOs to oversight of assessments, and ensuring the successful completion of the Security Authorization process. The nature of the work requires that you bring leadership, initiative, organization, responsibility, customer service skills, and the ability to be flexible and adaptive to a fast-paced, fluid business environment. You will be expected to be able to communicate effectively and decisively with all levels of the organization and be able to solve practical problems as well as exercise sound judgement with regards to sensitive and confidential information.

• Lead teams of 5-10 Information System Security Officers (ISSOs) in delivering continuous monitoring and security authorization support according to developed project schedules and program priorities. 

• Provide quality assurance of all security authorization documentation and other documentation that supports the system.

• Manage DHS Performance Plan Metrics for assigned programs and systems.

• Develop ATO Package from the results of the assessment team and ISSO.

• Provide oversight of vulnerability and weakness management for assigned programs.

• Prepare reports on the aggregate risk for systems in supported programs.

• Provide risk determinations in support of security authorization, weakness remediation, and audit activities.

• Attend SDLC project meetings for assigned systems, review system business requirements against NIST and DHS security controls requirements to identify gaps and discuss solutions/mitigations, risk rate the identified gaps and raise risks to the customer.

• Recommend appropriate mitigation measures, proper design trade-offs in terms of potential impacts and cost benefits.

• Monitor the gates in the System Lifecycle Management (SLM) process and prepare the customer with outstanding issues and risks identified in the process prior to concurrence on system readiness.

• U.S. Citizen
• Six (6) years of relevant, demonstrable extensive experience, preferably in IA management.
• Bachelor’s Degree or Bachelor’s Degree may be substituted with four (4) additional years of relevant, demonstrable additional experience (preferably FISMA- related experience), for a total of 10 years’ experience.
• If you have a Master's Degree you only need four (4) years of relevant, demonstrable additional experience (preferably FISMA- related experience).
• Industry-standard security certification required, with one of the following preferred:
  • Certified Information Systems Security Professional (CISSP)
  • CompTIA Advanced Security Practitioner (CASP)
  • Certified Information Security Manager (CISM)
• Project Management Professional (PMP) and Agile certifications preferred.
• Applies extensive knowledge of a variety of the IA field’s concepts, practices, and procedures to ensure the secure integration and operation of all systems
• Extensive specialized knowledge of financial audit standards, classified system IA requirements and Privacy Act requirements.
• Specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework.
• Specialized knowledge and experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines Knowledge and experience with the vulnerability scanning execution, assessment, and analysis.
• Knowledge and experience with the operating system and network knowledge (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN]).
• Knowledge and experience with application security, database security, and network security.
• Knowledge and experience with the vulnerability scanning, assessment, and analysis.
• Knowledge and experience with the information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies.
• Ability to assess and weigh current and evolving security threats in an operational environment.

Preferred Skills

• Experience providing ISSO support to DHS
• Experience supporting systems hosted in Cloud environments.
• Experience supporting systems in Agile and DevOps environments.

Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors.  Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges.  As an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.