Information System Security Officer (ISSO)

Perform ISSO tasks in accordance with NIST SP 800-37 Rev. 2 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy (RMF). Ensure that the appropriate operational cybersecurity posture is maintained for assigned IT systems. Develop, update and maintain the System Security and Privacy Plan (SSPP) and all associated documents for assigned systems. Participate in Contingency Plan, Recovery Plan and Incident Response training and tests for assigned IT systems. Participate in Incident Response activities for assigned IT systems. Serve as a principal advisor on assigned IT system(s) and brief on all matters, technical and otherwise, involving the cybersecurity posture of the system - including notifications to the business owner and RISSM of any changes that increase the risk to Reclamation operations, assets or individuals. Work with technical teams to mitigate security control deficiencies for assigned IT systems. Assess the cybersecurity impact of changes to assigned IT systems. Update hardware and software inventories to reflect changes to assigned IT systems as needed. Conduct annual assessment activities in accordance with Annual Assurance Statement requirements. Participate in security assessments and audits for assigned IT systems as required. Provide technical cybersecurity expertise on IT operational projects throughout the Software Development Lifecycle