Information Systems Security Officer

The Information Systems Security Officer will play a critical role in ensuring the security and integrity of the Department of Veterans Affairs' (VA) Identity Governance and Administration (IGA) system. This individual will be responsible for supporting the implementation, maintenance, and ongoing security of the IGA solution, with a focus on achieving and maintaining Authority to Operate (ATO) and adhering to strict federal cybersecurity standards.

ATO Support: Assist in obtaining and maintaining the Authority to Operate (ATO) for the IGA tool (Saviynt Enterprise Identity Cloud). This includes supporting Risk Management Framework (RMF) steps and ensuring compliance with VA security requirements and best practices.
• Security Implementation and Integration: Support the implementation and integration of the enterprise IGA solution with other VA systems, ensuring secure connections and data management.
• Vulnerability Management: Ensure security fixes are implemented and do not negatively impact systems.
• Security Compliance: Ensure that the IGA solution complies with federal cybersecurity standards, VA Identity, Credential, and Access Management policies, and NIST guidelines. This includes ensuring Personal Identity Verification (PIV) card enablement, supporting Identity Assurance Levels (IAL) and Authenticator Assurance Levels (AAL), and implementing two-factor authentication.
• Risk Management: Identify and mitigate potential security risks, ensuring that outcomes that should be avoided are addressed through careful planning, stakeholder engagement, and robust testing.
• Incident Response: Respond to and report security incidents, including providing detailed incident summaries, cooperating with investigations, and implementing remediation measures.
• Documentation and Reporting: Maintain comprehensive documentation related to security configurations, processes, and incidents. Provide regular reports on security activities, system performance, and compliance efforts.
• Training and Awareness: Promote security awareness and ensure that all personnel adhere to security policies and procedures.

• Bachelor's degree in Computer Science, Information Systems, or a related field.

• Strong understanding of information security principles, practices, and technologies.
• Experience with Identity Governance and Administration (IGA) systems and concepts.
• Knowledge of federal cybersecurity standards, NIST guidelines, and VA security policies.
• Experience with Risk Management Framework (RMF) and Authority to Operate (ATO) processes.
• Ability to identify and mitigate security risks and vulnerabilities.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ability to work effectively in a team environment.
• Experience with Agile1 development methodologies.

• Relevant security certifications (e.g., CISSP, CISM, Security+) preferred.

• Must be able to obtain and maintain a security clearance.
• Must be a U.S. Citizen or be authorized to work in the U.S.