Jobs Description

  • SC IT Systems Security Officer
  • Full Time
  • IT
  • SC
  • SC
  • TBD
  • December 10, 2018
  • August 1, 2019
  • December 10, 2019

Job Description: 

The Information Systems Security Officer will perform security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements for a fast-growing company. The individual will be responsible for risk and compliance management and reporting, including risk assessments, System Security Plans, Security Assessment Reports, Vulnerability Assessment Reports, and POA&M management based on the NIST 800 Series Special Publications. They will also be responsible for assisting with federal or customer security audits that may occur during their employment. Our ideal candidate will have demonstrated leadership skills and the ability to influence, educate, and promote information security best practices across the company.

Duties and responsibilities:

  • Determines appropriate levels of security controls, systems monitoring and security audits for compliance with applicable standards (currently NIST SP 800-171).
  • Provides oversight and training to all employees and partners to create security awareness.  
  • Conducts periodic vulnerability and security risk assessment of the assets of the company.
  • Evaluates proposed changes to a system to ensure the change does not impact the system’s security.
  • Serves as internal point of contact for IT Security in customer or federal audits.
  • Leads incident response including serving as the point of contact for law enforcement and customers should a breach occur.
  • Has experience providing strategic and tactical direction and managing performance/SLAs for vendor resources.
  • Demonstrates strong analytical, interpersonal, communication, writing and presentation skills.

Requirements:

  • Familiarity with the NIST 800 series of Special Publications.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth).
  • Experience working with patch management, network intrusion detection, audit reduction/filtering tools, data-at-rest, and encryption software.
  • Experience installing, configuring, maintaining, and troubleshooting operating system platforms such as Windows 10 and Windows Server 2012/2016, including security configuration knowledge of group and local policies.