Information Systems Security Officer (ISSO) SME - U.S. Citizenship Required

CGI - Fairfax, VA - April 24th, 2026

Position Description

CGI is one of the top five largest global IT companies, operating in 40 countries. CGI Federal is hiring an SME-level Information System Security Officer (ISSO) for FIPS 199 moderate- to high-impact cloud systems (IaaS, PaaS, or SaaS) to support a high-visibility Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) program. The role focuses on improving the cybersecurity posture of civilian government agencies through implementation and enhancement of a cybersecurity platform, integration services, and the development, securing, and maintaining cybersecurity dashboards.

Location: Fairfax, VA or Lafayette, LA, with a hybrid working model. The position requires office presence two days per week.

Future duties and responsibilities

- Operate the continuous monitoring program, develop, update, and maintain system security documentation, and implement security policies and procedures to support continuous monitoring.
- Participate in the SDLC to integrate NIST 800-37 Risk Management Framework (RMF) activities into appropriate phases.
- Integrate security into configuration management and system development life-cycle processes (waterfall, Agile, DevSecOps).
- Support NIST 800-37 RMF and associated processes, as well as ITIL guidelines, to achieve and maintain systems' Authority to Operate (ATO).
- Conduct security control assessments in alignment with NIST RMF (SP 800-53, 800-37) and federal security requirements.
- Support Authorization & Assessment (A&A) activities and prepare systems for initial authorization, reauthorization, and ongoing assessments.
- Implement policies and processes for continuous monitoring to maintain system ATO.
- Conduct routine vulnerability scans in accordance with federal security standards and document results for remediation.
- Validate POA&M artifacts and verify closure of security findings through evidence review and follow-up assessments.
- Provide expert guidance on security control inheritance, boundary definitions, and system categorization to ensure accurate authorization packages.
- Coordinate security remediation activities, schedules, and milestones with stakeholders; establish risk and mitigation strategies; and communicate status.
- Update and maintain system security documentation.
- Conduct risk and vulnerability assessments on changes to system architecture.
- Participate in Change Control Boards (CCB) and provide analysis and recommendations based on changes affecting the system's security posture.
- Serve as the primary liaison between CISA and the Cloud Service Provider (CSP) on all security-related matters.
- Work with minimal supervision, lead teams, and take on increased responsibility as required.

Required Qualifications

- U.S. citizenship and ability to obtain and maintain a DHS CISA EOD/Public Trust clearance.
- Bachelor's degree and 10+ years of experience working on cybersecurity teams for enterprise cybersecurity shared-services or cloud programs.
- Continuous monitoring experience with moderate- and high-impact systems.
- Experience with Federal Risk and Authorization Management Program (FedRAMP) cloud-related projects.
- Working knowledge of the following NIST Special Publications (in priority order): 800-37 (Risk Management Framework), 800-53 (Security & Privacy Controls), 800-18 (System Security Plans), 800-30 (Risk Assessment), 800-137 (Continuous Monitoring).
- Working knowledge of Federal Information Processing Standards (FIPS), particularly FIPS 199 (Security Categorization).
- Alternative knowledge of DoD Information Technology Security Certification and Accreditation Process (DITSCAP), DoD Information Assurance Policy 8500.1, the RMF, or NSA Information Assurance process if no NIST experience.
- Experience with vulnerability-management and security-auditing tools such as Tenable or similar.
- Experience updating and maintaining Plans of Action and Milestones (POA&Ms).
- Demonstrated understanding of IT security principles, concepts, policies, and regulations.
- Demonstrated ability to effectively document security controls.
- Proficiency with Microsoft Word, Excel, and Microsoft Project.

Desired Qualifications

- Experience supporting FedRAMP authorization and maintaining required security documentation.
- Technical/development background.
- Experience with DevSecOps as an ISSO or security tester.
- Relevant certifications such as CISSP, CGRC (formerly CAP), CCSP, CRISC, CISM, CEH, or others.
- Experience with CISA's Continuous Diagnostics and Mitigation (CDM) program.

Compensation range: $100,800.00 - $245,500.00.

Benefits

- Competitive compensation.
- Comprehensive insurance options.
- Matching contributions through the 401(k) plan and the share purchase plan.
- Paid time off for vacation, holidays, and sick time.
- Paid parental leave.
- Learning opportunities and tuition assistance.
- Wellness and well-being programs.

Qualified applicants will receive consideration for employment without regard to race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, pregnancy, medical condition, military and veteran status, marital status, sexual orientation, gender identity, or any other legally protected status or characteristics to the extent required by applicable federal, state, and/or local laws.

CGI provides reasonable accommodations to qualified individuals with disabilities. If you need an accommodation to apply for a job in the U.S., please email the CGI U.S. Employment Compliance mailbox at US_Employment_Compliance@cgi.com with the Position ID included.

All offers of employment in the U.S. are contingent upon completion of a background investigation.