DXC Technology Information Systems Security Officer - Top Secret Clearance in Washington, District Of Columbia
DXC Technology (NYSE: DXC) is the world’s leading independent, end-to-end IT services company, helping clients harness the power of innovation to thrive on change. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology serves nearly 6,000 private and public sector clients across 70 countries. The company’s technology independence, global talent and extensive partner alliance combine to deliver powerful next-generation IT services and solutions. DXC Technology is recognized among the best corporate citizens globally.
For more information, visit www.dxc.technology.
DXC Technology has an immediate need in our US Public Sector group for an Information Systems Security Officer in Washington, DC.
The LES Information System Security Officer leads the Audit, Compliance and Business Relations Management Team and reports to the Assistant Director of the Law Enforcement Services.
Performing assessments, at a minimum on an annual basis, to ensure compliance with Department of Justice policy and standards.
Developing, assessing and updating the SSP for LES IT systems to ensure it provides a set of IT security controls that are adequate to meet all applicable IT security requirements.
Coordinating with information system owners, common control providers, and Information System Security Officers (ISSOs) on the inheritance of security controls for hybrid, or common controls.
Assessing the extent to which all IT systems processing, storing, and/or transmitting of information meet IT security requirements, in accordance with Department of Justice and component policies.
Completing the Security Assessment Report, including a summary of the assessment performed, any comments on the assessment, and the assessment recommendations to the Authorizing Official. Preparing Security Authorization documentation.
Providing recommended corrective actions to reduce the risk associated with the operation of the IT system to an acceptable level.
Day-to-day security resource to the LES IT Information System Owner (and/or designees) and LES Operations teams for consultation on a range of security-related issues through the LES IT systems life-cycle including, for example:
o Establishing information system boundaries.
o Assessing the severity of weaknesses and deficiencies in the information system, and establishing Plans of Action and Milestones (POA&Ms).
o Risk mitigation approaches, security alerts, and potential adverse effects of identified vulnerabilities.
o How to operate, maintain, and dispose of the IT system in accordance with IT security policies outlined in the approved security authorization package.
o Promoting that the LES IT systems security requirements are addressed during all phases of an IT systems lifecycle.
o Assisting in the identification of the IT systems IT security requirements.
o FISMA and other security audits.
Assessing changes to the IT system, its environment, and operational needs that may affect its authorization status. Providing feedback to the LES ISSO on LES IT systems changes, on the security impact of those changes, including those brought to the Configuration Control Board (CCB).
In conjunction with the LES ISSO, reviewing of LES Projects and Releases in accordance with the DOJ OCIO ISO 20000 program.
Reporting and/or directing reporting on LES IT security-related incidents.
Providing on-going support for LES IT systems Contingency Planning and Incident Response Requirements.
Working with the LES IT systems Operations teams to ensure audit logs are retained in accordance with Department of Justice and DOJ Component policies.
Coordinating IT security related issues with the ISSO.
Drafting and/or reviewing LES IT systems Initial Privacy Impact Assessments (IPA).
Drafting and/or reviewing LES IT system Privacy Impact Assessments (PIA).
Drafting, updating, and/or reviewing LES Memorandum of Understanding (MOU), and Interconnection Security Agreements (ISA).
Drafting, and/or reviewing of Waiver requests including Risk-based-decision (RBD) waivers.
Drafting RIMCert for LES IT systems and obtaining acceptance from the OCIO Records Management team.
Preparing reports, briefings, and other security related documentation for LES and SDS Management.
DXC Technology is EEO F/M/Protected Veteran/ Individual with Disabilities