Information Systems Security Officer

Req ID:261480

NTT DATA Services strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a Information Systems Security Officer to join our team in Mc Lean, Virginia (US-VA), United States (US).

The Information Security Officer acts as the trusted security advisors to the individual COO Offices. The ISO will get involved with COO Office technology projects early in their lifecycle, to bake security in at the beginning rather than an afterthought by directing security strategy and operations for the protection of the enterprise information assets for their Office A key responsibility of this individual is to document each system's System Security Plan (SSP). .

Primary Duties and Responsibilities:

• Perform as a trusted advisor to the System Owner.
• Write a brief security strategy for each information system for the office and update annually, as needed.
• Advise the System Owner/System Owner Representative as the principal IT security advisor on all matters involving the security of an information system.
• Perform a security impact analysis of all proposed changes and configuration management de cisions, which have impact on system security.
• Recommend alternate system architecture(s) for improved security.
• Communicate the need to understand COO IT security policies and provides feedback to shape our policies
• Gather system security information to fill out ITSO's defined IT scorecard, annually, and review the scorecard periodically.
• Establish and execute the system's continuous monitoring program, including identifying the con trolls, approving the test methodology and reporting processes, and coordinating with stakeholders on its implementation.
• Ensure that systems comply with AO Manual, department, and program office security policies, and the Guide to Judiciary Policy.
• Identify and document security requirements for proposed new systems.
• Perform security review for proposed new systems.
• Prepare and present briefings as a security Subject Matter Expert (SME) as required.

Manage remediation and mitigation efforts for the systems they are responsible for.

• Manage and report on AOUSC IT security risks to information assets to ensure that:
• Identified risks are addressed in a timely manner.
• Risk status is tracked until risk is reduced to an acceptable level
• Create/update Plans of Action & Milestones (POA&Ms)
• Create/update Exception Request Forms (ERFs)
• Create/update Risk Acceptance Memos (RAMs) and manages the renewals, as needed.
• Create/update Risk Mitigation Plans (RMPs)
• Gather documentation in support of remediation/mitigation.
• Appropriately update the current system of record (e.g., CSAM) with remediation/mitigation information

• Expert in-depth knowledge of computer hardware, software, networks
• Expert in-depth knowledge of theories, principles, practices, and techniques of data communications and network management, traffic, and security
• Strong understanding of IT security best practices, and demonstrated ability to analyze, design, and implement security policies and procedures.
• Knowledge of anti-malware and endpoint security controls.
• Knowledge of IPSec and the ability to use it to protect data, voice, and video traffic
• Experience designing security architecture roadmaps
• Excellent written, oral, and interpersonal skills
• Ability to work independently and in a team environment as well as the ability to handle multiple projects and conflicting priorities within strict deadlines

Required Qualifications

• 3 years of experience as an ISSO (preferably for the federal government.)
• 5 years collaborating and reviewing System Security Plans (SSPs), Security Assessment Reports (SARs),
• 3 years of experience with Risk Management Framework (RMF), NIST, FISMA compliance
• 5 years of experience with Application Security testing suites and tools (Like: Tenable Nessus, CyberArk, Application Security testing suites, penetration testing tools, Security Information and Event Management (preferably Splunk), one or more Configuration Management Database (e.g. BMC and/or ServiceNow), API automation, and Identity Management systems USCA23F1020 - Page 21 of 32 (e.g., TACACS, AD, Tivoli, OAuth))
• 3 years of experience with cloud security, including active directory federation services
• 3 years of experience with the CSAM (Cyber Security Assessment and Management) software tool (i.e., specifically the software from the DOJ)
• Bachelor's Degree preferred but not required.

Preferred Qualifications

• Master's degree in computer science or a related field
• CISSP, CISM, or equivalent certification
• Risk Assessment Methods (RAMs), Risk Management Processes (RMPs), Cybersecurity Compliance Certifications (CCCs), Scorecards, and related documents with ISOs and other applicable stakeholders.

Where required by law, NTT DATA provides a reasonable range of compensation for specific roles. The starting pay range for this remote role is 90k to 130k. This range reflects the minimum and maximum target compensation for the position across all US locations. Actual compensation will depend on a number of factors, including the candidate's actual work location, relevant experience, technical skills, and other qualifications. This position may also be eligible for incentive compensation based on individual and/or company performance.

This position is eligible for company benefits including medical, dental, and vision insurance with an employer contribution, flexible spending or health savings account, life and AD&D insurance, short and long term disability coverage, paid time off, employee assistance, participation in a 401k program with company match, and additional voluntary or legally-required benefits.

#INDPUBLIC

About NTT DATA Services

NTT DATA Services is a recognized leader in IT and business services, including cloud, data and applications, headquartered in Texas. As part of NTT DATA, a $30 billion trusted global innovator with a combined global reach of over 80 countries, we help clients transform through business and technology consulting, industry and digital solutions, applications development and management, managed edge-to-cloud infrastructure services, BPO, systems integration and global data centers. We are committed to our clients' long-term success. Visit nttdata.com or LinkedIn to learn more.

NTT DATA Services is an equal opportunity employer and considers all applicants without regarding to race, color, religion, citizenship, national origin, ancestry, age, sex, sexual orientation, gender identity, genetic information, physical or mental disability, veteran or marital status, or any other characteristic protected by law. We are committed to creating a diverse and inclusive environment for all employees. If you need assistance or an accommodation due to a disability, please inform your recruiter so that we may connect you with the appropriate team.