Provide leadership, knowledge and understanding of FISMA, OMB, NIST and Agency requirements in delivering IT security and privacy compliance support. Provide FISMA program management services, Security Certification and Accreditation (C&A), now known as Assessment and Authorization (A&A), Continuous Monitoring, security policy and procedure development, Security Test and Evaluation (ST&E), audits, Plan of Action and Milestones (POA&M) management, privacy, and enterprise IT security. The ideal candidate possesses hands-on FedRAMP experience.
Provide IT security support so that systems can be authorized to operate by the Agency's designated authorizing official(s). Apply knowledge of NIST SP 800-53 Rev 3 and Rev 4 and other germane NIST publications to the Assessment and Authorization (A&A) process. Collaborate with the client in the review and assessment of the common controls, or the re-working of common controls in light of SP 800-53 Rev 4. Provide recommendations to the Agency's policy and technical governance processes to facilitate compliance with applicable laws, regulations, and directives.
The candidate will have served as a project lead managing a team of at least 4-6 information assurance professionals, with management responsibilities directly supporting a Federal customer in that role. Such experience will include responsibility for reviewing deliverables, providing feedback to staff and consultants, and reporting status and progress to the customer.
The candidate is expected to have a solid foundation of technical experience and expertise with tools such as the Cyber Security Assessment and Management System (CSAM). The candidate is experienced in assessing the impact of proposed changes in policy, processes or tools on the agency's ability to maintain its FISMA compliance position. The successful candidate must possess strong verbal and written communication skills.
Essential Job Functions
- Provide IT security and privacy program management support, principally centered around FISMA and Privacy Act standards and requirements.
- Task and/or project management lead experience, having led a team of at least 4-5 IT security professionals.
- Review and understand the current security policies, processes and security environment.
- Provide Assessment and Authorization (A&A) support.
- Provide Continuous Monitoring support.
- Identify and address security weaknesses, including monitoring the Plan of Action and Milestones (POA&M) and providing POA&M management.
- Provide security audit support.
- Provide Risk Assessment support.
- Provide Privacy Act compliance support.
- Provide e-Authentication support.
- Provide guidance on NIST SP 800-53 Rev 3 and Rev 4 compliance requirements, and recommendations on how to resolve identified gaps.
- Ability to manage updates to System Security Plans and other related A&A package documentation, or to review the package to ensure it complies with agency and federal requirements, including OMB, NIST, and FISMA compliance requirements.
- Guide or participate in meetings and customer working groups to address issues related to cyber security compliance, vulnerabilities, and emerging cyber security threats or the implementation of new cyber security mandates.
- Prepare reports and briefings as required, for approval by the Project Manager.
- Lead or serve as a member of a team potentially composed of a mix of people from the client organization and other supporting entities.
- Perform other functions associated with delivering an effective cyber security program to the client.
Qualifications
- 7+ years of FISMA experience.
- 4+ years of direct experience either developing A&A packages or reviewing them.
- Recent experience providing Continuous Monitoring support.
- 3+ years of experience leading a team of security engineers/analysts performing FISMA compliance assurance.
- Ability to apply NIST SP 800-53 Rev 3 requirements, and the migration to Rev 4, to the client's environment.
- Ability to be effective in a team environment (across entities and geographic locations): presenting and clearly explaining issues, and reaching an agreed-upon resolution of the client's various concerns and needs.
- Well-developed analytic, qualitative and reasoning skills with demonstrated creative problem-solving abilities.
- Strong work ethic and motivation with a demonstrated history of ability to work in a dynamic, often high-speed team environment.
- Clear effective oral and written communications skills.
- Ability to operate and lead effectively in a dynamic, demand-based environment requiring extreme flexibility and responsiveness to client matters and needs.
- Occasional local (within the state) travel, evening and weekend hours should be anticipated.
- Experience with the Cyber Security Assessment and Management System (CSAM).
- Proficiency with Microsoft Office Applications.
- Penetration testing tool experience (e.g., Metasploit, Core Impact/Insight, etc.).
- B.S. in Computer Information Systems, Engineering, Cyber Security, or a related subject.
- Must have a minimum of 10 years of direct experience, or additional years of experience plus relevant certification(s) in lieu of a degree.
- Must be able to obtain a Public Trust suitability determination.
Desired Certifications (one or more)
- Certified Information Systems Security Professional (CISSP)
- Certified Authorization Professional (CAP)
- Certified Information Systems Auditor (CISA)
- Project Management Professional (PMP)