Job Description :
Work Location: Woodlawn, MD

Special Requirements: Work Authorization: US Citizen, Green Card, H1-B Visa
Clearance Required: Public Trust Clearance (required prior start)

Role Title: External Compliance Consultant

Duration: Long term contract

Overview

Contractor support is requested to perform contractor state agency security
reviews for partner agencies' systems used in electronic information
exchange to ensure initial and ongoing compliance with client's (a
government agency) requirements.
The Division of Compliance and Assessments (DCA) performs approximately 100
or more cyclical onsite compliance reviews and approximately 15 onsite
certification visits annually. The time, effort and resources have
increased to the point that the required travel and administrative
preparation for reviews affects the productivity of our limited staff.
Increasing our staff, augmenting it with contractor support and the
modernization of some of our processes will provide the level of relief we
require.

Federal statutes require triennial reassessments, which will result in an
additional 18 site visits per year. Client recently completed assessments of
contractor hosted external systems used by the agency.
DCA currently accomplishes external compliance reviews via government
personnel. We require contractor services to assist with evaluating the
compliance review process, standard operating improvements and updates to
our automation tools and documenting procedures. We anticipate using the
contractors to participate in the compliance reviews, to include traveling
with our government personnel. Additionally, contractor services will
supplement the current government staff to perform security control testing
at DDS sites and contractor hosted external systems facilities. Government
employees will lead all onsite activities that involve contractors.

Technical Skills

Skill | Years/Level of Experience | Mandatory
Federal laws, OMB / DHS directives, NIST standards and guidelines | 2+ |
NIST 800-53A Rev. 4, NIST 800-53 Rev. 4, NIST 800-37 Rev. 1, NIST 800-30 Rev. 1, NIST 800-39, FIPS | 2+ |
Familiarity / knowledge of existing agreements with partner agencies & SSA | 2+ |
Security policies and procedures development and maintenance | 2+ |
NIST RMF | 2+ |
Project Management | 2+ |

Job Responsibilities

The scope of work shall include the following areas:
1. Risk Management,
2. Risk Analysis,
3. Vulnerability Assessment,
4. Development of Policies and Procedures to support DCA's Business
Processes for Compliance Reviews for state agencies and DDS,
5. Travel to support Security Reviews,
6. Technical Advisory functions,
7. Reviewing DDS System Security Plans (SSP),
8. Onsite Validation and Verification of DDS SSP content,
9. Performing Onsite Security Walkthroughs of DDS facilities,
10. Critical Administrative Support for Reviewers,
11. Modernizing Compliance Review (CRQ) and SDP Questionnaires, and
12. Configuring a Modernized, Robust and User-friendly Assessment
Application/System

Contractors shall perform all tasks in accordance with all applicable
Federal laws, OMB directives, and NIST standards and guidelines.

Education Level

Bachelor's degree with 2+ years of experience