Serco is seeking a highly skilled and experienced Information Assurance Officer (IAO) to oversee the day-to-day security operations and compliance of our information systems and IT resources supporting a critical Government contract. The IAO will be instrumental in ensuring that all systems, including facility, training, service delivery, quality assurance, workforce management, and performance monitoring, adhere strictly to Federal IT security policies and standards. This role demands a proactive professional with deep expertise in federal cybersecurity frameworks and a commitment to maintaining a secure and resilient operational environment.
Key Responsibilities:
Security Incident Management: Immediately report all security incidents in accordance with GSA policy, including providing preliminary reports within 24 hours and comprehensive executive summaries detailing the event, cause, fix, and prevention plan.
System Evolution & Problem Resolution: Collaborate closely with the Program Manager to ensure systems evolve to meet changing program needs. Identify, document, and report technology-related problems to the Government, providing performance improvement plans for resolution and prevention.
Compliance & Standards Adherence: Ensure all information systems supporting task requirements meet initial and ongoing security compliance with Federal Information Processing Standards (FIPS) Publication 200 and NIST SP 800-53 security controls, as amended.
Documentation & Reporting: Oversee the preparation of all required compliance documentation, including Security Plans, Risk Assessments, Contingency and Contingency Test Plans, Configuration Management Plans, System Test and Evaluation Reports, and Security Certification and Accreditation (C&A) packages.
Continuous Monitoring & Reporting: Prepare ongoing responses to reports, data calls, and updates, such as quarterly Plan of Action and Milestones (POA&Ms), monthly vulnerability scans, server/application analysis, and annual Federal Information Security Management Act (FISMA) reporting.
Security Integration: Ensure IT security requirements (NIST SP 800-53 controls) are incorporated early in the planning and execution of transition activities and the development of new projects.
Risk Management: Conduct comprehensive risk assessments, identify vulnerabilities, and develop mitigation strategies to protect sensitive government data and systems.
Security Architecture Guidance: Advise on strategies for complying with Federal IT security requirements and contribute to the development of robust IT security architectures.
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Minimum of 7 years of progressive experience in Information Assurance or Cybersecurity, with at least 3 years in a Federal Government IT program.
Demonstrated familiarity with NIST IT security publications, including NIST SP 800-37 (Risk Management Framework), 800-53 (Security and Privacy Controls), and related OMB/NIST/GSA policies.
Proven experience and expertise in supporting Certification and Accreditations (C&As) for IT systems within the Federal Government, including in-depth knowledge of all controls at the moderate impact level.
Expertise in conducting vulnerability scans at the operating system, application, and database levels, performing code reviews, and assessing compliance with Center for Internet Security (CIS) benchmarks.
Experience in completing POA&Ms, FISMA Assessments, and other IT security data calls for Federal IT systems.
Broad familiarity with processes and security tools to advise on compliance strategies and IT security architecture development, including policies related to HSPD-12 and privacy requirements.
Preferred Skills:
Relevant industry certifications such as CISSP, CISM, CompTIA Security+, or equivalent.
Experience with IT vendor management, ensuring third-party compliance with security requirements.
Strong understanding of contact center architecture, including telephony and IT management aspects.
Familiarity with cloud security principles and FedRAMP requirements.
Experience with Governance, Risk, and Compliance (GRC) tools.
Excellent written and verbal communication skills, with the ability to articulate complex security concepts to diverse audiences.
Strong analytical and problem-solving abilities.
Serco Inc. (Serco) is the Americas division of Serco Group, plc. In North America, Serco’s 9,000+ employees strive to make an impact every day across 100+ sites in the areas of Defense, Citizen Services, and Transportation. We help our clients deliver vital services more efficiently while increasing the satisfaction of their end customers. Serco serves every branch of the U.S. military, numerous U.S. Federal civilian agencies, the Intelligence Community, the Canadian government, state, provincial and local governments, and commercial clients. While your place may look a little different depending on your role, we know you will find yours here. Wherever you work and whatever you do, we invite you to discover your place in our world. Serco is a place you can count on and where you can make an impact because every contribution matters.
To review Serco benefits please visit: https://www.serco.com/na/careers/benefits-of-choosing-serco. If you require an accommodation with the application process please email: careers@serco-na.com or call the HR Service Desk at 800-628-6458, option 1. Please note, due to EEOC/OFCCP compliance, Serco is unable to accept resumes by email.
Candidates may be asked to present proof of identity during the selection process. If requested, this will require presentation of a government-issued I.D. (with photo) with name and address that match the information entered on the application. Serco will not take possession of or retain/store the information provided as proof of identity. For more information on how Serco uses your information, please see our Applicant Privacy Policy and Notice.
Serco does not accept unsolicited resumes through or from search firms or staffing agencies without being a contracted approved vendor. All unsolicited resumes will be considered the property of Serco, and Serco will not be obligated to pay a placement or contract fee. If you are interested in becoming an approved vendor at Serco, please email Agencies@serco-na.com.
Serco is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.