[Hiring] Information Security Systems Officer @Navitas

Role Description

As an Information System Security Officer (ISSO), you will provide security support for DOJ’s external customers, ensuring an appropriate operational security posture for information systems. You will work closely with the Director of Information System Security to advise on cybersecurity policies, compliance, and risk management while supporting the ongoing security of DOJ/OIG systems.

• Work with the System Owner and Director of IT Security to categorize systems, assess security controls, and document results.
• Assist in the annual re-assessment of Common Controls, ensuring compliance with DOJ policies.
• Ensure systems are accredited following the customer process to obtain Authority to Test (ATT), Authority to Operate (ATO), or Ongoing Authorization (OA).
• Develop and maintain security documentation, including System Security Plans (SSP), Security Assessment Plans/Reports (SAP/SAR), POA&Ms, and security authorization memorandums in CSAM.
• Conduct security control assessments, both manual and automated, and provide findings on control gaps, risk levels, and impacts.
• Establish and maintain audit trails, ensuring regular log reviews and compliance with DOJ/OIG policies.
• Monitor and execute operations and maintenance of information systems, including secure system disposal.
• Support the development of Privacy Impact Assessments (PIA), Interconnection Security Agreements, Risk Assessments, Configuration Management Plans, and Incident Response Plans.
• Conduct vulnerability scans, review security reports, and implement remediation strategies.
• Assist in continuous monitoring activities, aligning with DOJ’s Ongoing Authorization (OA) process and using DOJ’s GRC tools.
• Ensure all security assessment and audit reports are properly uploaded in CSAM.
• Participate in configuration management processes, policy audits, and system log reviews.
• Provide technical guidance and compliance oversight in alignment with FISMA, RMF, and NIST frameworks.

Qualifications

• Minimum 5 years of experience as an ISSO.
• Bachelor’s degree in Information Technology, Computer Science, Engineering, or a related field from a U.S. Department of Education-accredited university (or equivalent experience).
• Security+ or equivalent/higher-level certification (current).
• Strong understanding of Information Security Policies and Procedures.
• Expertise in Risk Management Framework (RMF), Security Controls, Incident Response, Security Auditing, and Regulatory Compliance.
• Familiarity with FISMA, NIST SP 800-53 controls, and DOJ security policies.
• Proficiency in security tools, risk assessments, and vulnerability management.

Requirements

• Knowledge of Security Incident Analysis and Forensics.
• Experience with Software Development Lifecycle (SDLC) security practices.
• Strong policy and memo writing skills.
• Effective problem-solving, time management, conflict resolution, and teamwork skills.
• Hands-on experience with CSAM, GRC tools, and automated security scanning tools.
• Ability to lead security compliance efforts across multiple systems.

Company Description

Since our inception back in 2006, Navitas has grown to be an industry leader in the digital transformation space, and we’ve served as trusted advisors supporting our client base within the commercial, federal, and state and local markets.

At our very core, we’re a group of problem solvers providing our award-winning technology solutions to drive digital acceleration for our customers!