Information Security Risk Specialist

The Challenge:

Serve as a Mid-Level Information Systems Security Officer (ISSO) for appointed systems. Work with system owners, create and maintain Assessment and Authorization (A&A) documentation, including system security plan, privacy plan, security control assessment, privacy control assessment, and any relevant plans of action and milestones to support Authorization to Operate (ATO) decisions. Capture and refine information security requirements for new systems or for enhanced functionality on an existing system and ensure that the requirements are effectively integrated into information systems throughout the System Development Life Cycle (SDLC). Implement information security standards and procedures. Provide support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.

You Have:

  • 5+ years of experience with information assurance or cybersecurity

  • Experience with supporting system security and authorization processes

  • Experience with NIST 800-37, NIST 800-53, or Intelligence Community Directive 503 requirements

  • Experience in leading response activities with an IT services department

  • Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements

  • Bachelor's degree

  • Security+ or CISA certification

Nice If You Have:

  • Knowledge of risk and how to measure risk for IT systems

  • Knowledge of IT systems used in healthcare or health research

  • Possession of excellent verbal and written communication skills

Vetting: 

Applicants selected may be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

  • Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

  • Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

  • Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

  • Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.

  • Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
