Information Assurance Systems Officer, Information Services

Job Overview

The Information Assurance Systems Officer (IASO), Information Services (IS) supports cybersecurity and risk management initiatives across enterprise unclassified systems. The IASO plays a central role in protecting information assets, ensuring compliance with federal, state and local cybersecurity requirements (e.g., NIST 800-171, CMMC), and maintaining a strong security posture through effective use of Governance, Risk, and Compliance (GRC) tools. This includes conducting audits, analyzing sensitive data, and collaborating with various teams to implement and maintain security measures. The IASO identifies vulnerabilities, recommends improvements, and provides expert guidance on cybersecurity matters while staying informed about emerging threats and trends. This IASO role is responsible for CMMC practices (Cybersecurity Maturity Model Certification) as a member of the Information Services (IS) Information Security Cybersecurity Team.

Responsibilities

Cybersecurity System Security and Compliance across the enterprise unclassified systems:

• Develop and maintain System Security Plans (SSPs) and supporting documentation aligned with NIST 800-171 and CMMC practices.
• Conduct regular security control assessments, perform gap analyses, and update Plans of Action and Milestones (POA&Ms).
• Coordinate security authorization and compliance activities across IT systems and applications.

Cybersecurity and Security Reviews & Continuous Improvement:

• Perform ongoing security reviews of applications, infrastructure, and business processes to verify compliance and identify improvements.
• Recommend remediation strategy, track remediation efforts, and collaborate closely with IT, DevOps, and business teams
• Conduct comprehensive cybersecurity audits to ensure compliance with CMMC, DFARS 7012, NIST 800-171, and other relevant regulations.
• Analyze and assess various data types, including Controlled Unclassified Information (CUI), Controlled Technical Information (CTI), Federal Contract Information (FCI), International Traffic in Arms Regulations (ITAR), and Export Administration Regulation (EAR99).
• Collaborate with system and network administrators to ensure audit features are configured and enabled correctly.

Third-Party IT Security Oversight:

• Conduct third-party/vendor security assessments as part of the procurement and onboarding process.
• Review supplier security documentation and manage risks associated with external data sharing and service providers.

Incident Support:

• Participate in incident response activities, including documentation, coordination, and lessons learned reviews.
• Help improve incident detection, containment, and prevention through policy, training, and technical improvements.

GRC & Risk Management Support:

• Utilize GRC tools to document and track risk assessments, policy compliance, and mitigation efforts.
• Identify and evaluate risks to information assets; assist in the development of risk treatment and remediation plans.
• Review policy exceptions to assess impact and risk, track approvals, and monitor mitigation within target remediation timeline
• Collaborate with internal stakeholders to ensure alignment of technical and administrative controls with risk management strategies.

IT Security Awareness & Training:

• Support the development and rollout of security awareness training to ensure users understand responsibilities and best practices.
• Ensure training completion and maintain accurate compliance records; other duties as assigned.

  Are you interested in this position?

  Apply by clicking on the “Apply Now” button below!

  #AlbionarcJobs#FintechJobs

  #AsiaJobs#MiddleEastCareers

  #TechTalent#FintechRecruitment

  #FinanceOpportunities#