Company Name: Vista Applied Solutions Group Inc
Job Title: Security Analyst
Job Description:
Job title: Senior Information Systems Security Officer (ISSO)
Role Summary: Provide independent contracting expertise to lead and execute comprehensive security and compliance initiatives for complex information system environments, aligning with FISMA, NIST, CMS MARS‑E, HIPAA, and related regulations.
Expectations: Deliver proactive oversight, policy development, and continuous improvement of security controls. Coordinate with cross‑functional teams to ensure compliance artifacts are accurate, complete, and audit‑ready. Manage security risks associated with cloud services and vendor relationships.
Key Responsibilities:
- Develop, maintain, and validate System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Interconnection Security Agreements (ISAs), Computer Matching Agreements (CMAs), and other RMF/A&A documentation.
- Conduct interviews, audits, and assessments to verify RMF artifacts and support Authorization to Operate (ATO) processes.
- Integrate RMF tasks and artifacts (ISSO, Security Control Assessor, etc.) into the System Development Life Cycle (SDLC).
- Advise on risk assessment findings, control implementation, and remediation plans.
- Manage security aspects of cloud services and vendor management, ensuring contractual and technical safeguards.
- Maintain up‑to‑date knowledge of FISMA, NIST, CMS MARS‑E, HIPAA, and related regulatory requirements.
Required Skills:
- Advanced knowledge of the FISMA RMF, NIST SP 800 series, CMS MARS‑E, and HIPAA security rules.
- Experience with System Security Plan development, PIAs, ISAs, CMAs, and authoritative RMF documentation.
- Proficiency in IT security for Windows, Linux, relational/non‑relational databases, networking infrastructure, and web applications.
- Familiarity with eGRC platforms, vendor risk management, and cloud security controls.
- Strong documentation, audit coordination, and stakeholder communication abilities.
Required Education & Certifications:
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related field (or 10+ years of equivalent experience).
- Minimum of five years of IT security experience in a FISMA‑compliant environment.
- Valid certifications: ISC² (SSCP, CISSP, or equivalent), ISACA (CISA, CRISC), SANS GIAC, and/or other recognized information security credentials.
- Prior ITIL experience in Information Security Management is preferred.