
   

Information System Security Officer (ISSO)

Description & Requirements

Since 1975, Maximus has operated under its founding mission of Helping Government Serve the People, enabling citizens around the globe to successfully engage with their governments at all levels and across a variety of health and human services programs.

Maximus delivers innovative business process management and technology solutions that contribute to improved outcomes for citizens and higher levels of productivity, accuracy, accountability and efficiency of government-sponsored programs.

With more than 30,000 employees worldwide, Maximus is a proud partner to government agencies in the United States, Australia, Canada, Saudi Arabia, Singapore and the United Kingdom.

For more information, visit https://www.maximus.com.

Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS040, T4, Band 7

Maximus is looking for an Information Systems Security Officer (ISSO) to support a DoD program based out of Arlington, Virginia!

What you will do:



* Verify data security access controls based on the Joint Special Access Program Implementation Guide (JSIG).


* Implement media control procedures and continuously monitor for compliance.


* Verify data security access controls and assign privileges based on need-to-know.


* Investigate all suspected cybersecurity incidents in accordance with Departmental directives and applicable Risk Management Implementation Plans (RMIPs).


* Apply and maintain required confidentiality controls and processes.


* Verify authenticator generation and verification requirements and processes.


* Execute media sanitization (i.e., clearing, purging, or destroying) and reuse procedures.


* Execute processes and procedures for protecting CUI, SAP, SCI, and PII.


* Responsible for creation and management of Body of Evidence (BOE)


* Maintain privilege access control logs


* Creation and management of Interconnection Security Agreements (ISA)


* Ensure JSIG compliance of application within multiple accredited boundaries.


* Track vulnerabilities by creating Plan of Action and Milestones (POA&M)


* Manage the configuration and documentation contained in the program's instance of Enterprise Mission Assurance Support Services (eMASS).


* Maintain and manage continuous monitoring of DoD STIG compliance.


* Enforce the continuous monitoring strategy using tools such as Splunk, Oracle Cloud Control, ACAS reports, scripts to perform database/application user/privilege review, etc.


* Code Reviews for database and application development and configuration management activities, established by the Change Management Plan and Change Management Working Group.


* Demonstrate a detailed ability to analyze events or test results and prepare a POA&M.


* Demonstrate the ability to integrate project management, configuration management, continuous monitoring, and POA&M processes.


* Demonstrate a detailed ability to prepa...



