Information System Security Officer
Information security analysts, specialists, and officers often serve as information security managers or information system managers. These professionals are charged with protecting the organization’s Information Technology (IT) programs from internal and external threats. Specifically, IT officers are charged with making sure viruses, spyware, bots, or other harmful programs are not used to compromise an organization’s computer system.
Sr. ISSO Role:
- The ISSO ensures the client’s information systems are operating and maintained
- The ISSO assists in identifying, implementing, and assessing the common security controls.
- The ISSO actively supports the development and maintenance of the security plan, to include coordinating system changes with the information system owner and assessing the security impact of those changes.
- The ISSO serves as the Technical Advisor to the Chief Information Security Officer (CISO) and Information System Owners (ISO) on all areas of cyber security.
Sr. ISSO Qualifications
Master’s degree or 15 years of IT security experience; strategic thinker with a strong technical background
Possess a management level 2 certification as well as technical certifications
Experience with and/or familiarity with the following documentation:
- Federal System Policies and Handbooks (such as DHS Directive 4300A or 4300B)
- NIST Framework for Improving Critical Infrastructure Cybersecurity
- NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems"
- NIST Special Publication 800-53 Risk Management Framework and Security Control
- FIPS 199 and 140-2
Baseline Certifications Needed (just one)
- Certified Authorization Professional (CAP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- CISSP Associate (this means the individual has qualified for the certification except for the number of years’ experience)
- CompTIA Advanced Security Practitioner (CASP) Continuing Education (CE)
- GIAC Security Leadership Certificate (GSLC)
Other Considerations (just one)
- Security+ Continuing Education (CE)
- Systems Security Certified Practitioner (SSCP)
- CyberSec First Responder (CFR)
- Certified Ethical Hacker (CEH)
- Information Systems Security Architecture Professional (ISSAP)
- Information Systems Security Engineering Professional (ISSEP)
- Information Systems Security Management Professional (ISSMP)
Certifications From Technology Providers (just one)
- The Linux Foundation
- VMware