Information System Security Officer, ADVISE

DevTech Systems, Inc. (DevTech) is an international consulting firm dedicated to development, with 39 years of experience providing advisory services and technical assistance to government, private sector, and civil society stakeholders in more than 100 countries. DevTech core practice areas include: Monitoring Evaluation, Research and Learning; Data Solutions; Public Financial Management and Fiscal Sustainability; and Education, Gender, and Youth. 

At DevTech, we care deeply about doing work that leads to positive change in the world. We celebrate diverse perspectives and are committed to an inclusive environment. We empower our employees to work autonomously and simultaneously give them the professional support that they need to learn and grow. 

DevTech is looking for an Information System Security Officer (ISSO) to work as an institutional contractor on its Analytics, Data, Visualization, and Information Services (ADVISE) contract with the United States Agency for International Development (USAID). ADVISE staff comprise much of the USAID Data Services team, led by USAID’s Chief Data Officer (CDO) and situated in USAID’s Bureau for Management, Office of the Chief Information Officer (M/CIO). The Data Services team's main purpose is to improve the usage of data and information at USAID, so that the Agency continues to ensure its development outcomes are supported by evidence. Data Services’ work spans the “data lifecycle,” including planning, collection, cleaning, analysis, curation, reporting, and governance.

The ISSO serves as the principal advisor to the Information System Owner (SO), Business Process Owner, and the Chief Information Security Officer (CISO) / Information System Security Manager (ISSM) on all matters, technical and otherwise, involving the security of an information system. ISSOs are responsible for ensuring the implementation and maintenance of security controls in accordance with the Security Plan (SP) and Agency policies. In almost all cases, ISSOs will be called on to provide guidance, oversight, and expertise, develop security documents, and implement the security controls. While ISSOs will not actually perform all functions, they will have to coordinate, facilitate, or otherwise ensure certain activities are being performed. As a result, it is important for ISSOs to build relationships with the SO, technical staff, and other stakeholders.

USAID Data Services’ core values are:

• We are passionate, ambitious and care deeply about our work and the USAID mission.
• We are serious about meeting the needs of our customers.
• We are funny. We have fun. And we are human.
• We communicate and close feedback loops.
• We are proactive. We do not wait for success to come find us.
• We are a team who are committed to each other.

In keeping with these core values, we respect and encourage an inclusive and diverse environment in which we see our differences as strengths. We are a team of motivated and responsible self-starters that enjoy working in a team-oriented environment. We are always looking for ways to grow, through feedback, learning, and collaboration.

This position’s place of performance is Washington D.C. with the options for generous U.S. based telework or remote work.

The ISSO will support new and existing IT systems and initiatives within ADVISE. Cybersecurity work will help provide USAID with secure access to data, data science tools, and analytical results and visualizations to accelerate the Agency’s use of diverse data assets and cutting-edge technologies to support the Agency’s mission around the world.

The ISSO will provide support to the design and implementation of cybersecurity processes, tools, and remediation efforts. The ISSO is primarily responsible for supporting existing remediation work, creation of new processes, and the identification of tools to help our organization stay on top of security vulnerabilities.  In addition, the role will require collaborating and working with other security organizations within the CIO’s office.  Other responsibilities include:

• Serve as principal advisor to the System Owner (SO), Business Owner (BO), and the Chief Information Security Officer (CISO) on all system security and privacy matters.
• Maintain system ATO by following the NIST Risk Management Framework to select, implement, document, test, and maintain the security and privacy controls required to authorize and operate information systems within USAID’s ADS Policies.
• Coordination with the client’s Cybersecurity Unit to achieve and maintain the information systems’ compliance and authorization to operate (ATO).
• Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation.
• Maintain security and privacy operations capabilities sufficient to identify, detect, protect, respond, and recover from security incidents (as per the NIST Cybersecurity Framework) for SA&A.
• Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Qualys, Sona Type and other scan applications.
• Evaluation of the assigned information systems’ security control compliance with the federal requirements and the client’s monitoring strategy.
• Management of emerging and defined risks associated with the administration and use of assigned information systems.

• Master’s degree in STEM-related or Computer Security-related field such as computer science, computer engineering, information technology, Cyber-security, or a related field.
• At least eight (8) years of direct relevant experience.
• Working knowledge of NIST 800 series Special Publications.
• Experience creating and developing cybersecurity artifacts for review & approval.
• Strong attention to detail with an analytical mind and outstanding problem-solving skills.
• Awareness of US Government cyber-security policy trends and zero trust initiatives.

The candidate must be a U.S. citizen to qualify for the required U.S. government security clearance for this project. 

NOTE: This job posting should not be construed to imply that the requirements are the exclusive standards of the position nor will it be the sole basis for any subsequent employee evaluations. Incumbents will follow any other instructions and perform any other related duties as may be required by their supervisor. 
 
All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, national origin, religion, sex (including pregnancy, childbirth, or related medical conditions), age (40 and older), physical and mental disability, genetic information (including family medical history) or characteristics, military status, protected veteran status, sexual orientation, gender identity, citizenship or alienage, or any other protected status as established by applicable federal, state, or local law.