JOB DESCRIPTION

Federate Systems is looking for an Information Security Specialist to support one of our federal clients. The selected candidate will support scheduled OIG audits and compliance by providing coordination and guidance with agencies and System Owners, and will provide the necessary leadership, execution and support of compliance activities related to Federal Information Technology security mandates including but not limited to: Federal Information Management Security Act (FISMA), Federal Information System Control Audit Manual (FISCAM), Presidential Directives (PD) 63 and 67, Public Law 100-235, Office of Management and Budget (OMB) A-123, OMB A-127, and OMB A-130.


JOB RESPONSIBILITIES:

Manage day-to-day security operations, including assisting on investigative matters related to information security as requested
Prepare scheduled FISMA reports
Conduct Plan of Action and Milestones (POA&M) reviews, oversight and reporting as well as Privacy Impact Assessments
Coordinate data collection, analysis and reporting for IT security data calls, Freedom of Information Act (FOIA) requests, and incident reports
Perform security assessments and review system security documentation
Develop, review, and update Certification and Accreditation (C&A) packages and Authority to Operate (ATO) documentation for systems hosted and owned by the client.
Maintain and manage the required systems security documentation on Cyber Security Assessment and Management (CSAM) system. Minimum documentation includes:
o System Categorization Worksheets (SCW)
o Privacy Impact Assessments (PIA)
o Security Control Assessments (SCA)
o System Security Plans (SSP)
o Risk Assessments (RA)
o Contingency Plans (CP) and testing
o Federal Information Processing Standard Publication 199 (FIPS 199) Security Categorization
o Security Control Test & Evaluation (SCT&E)
o Certification
o Disposition plans
o Annual and quarterly security documentation review and testing
o ATO certifications and re-certifications
o Security Self Assessments (SSA)
o Memoranda of Understanding (MOU)
o Interconnection Security Agreement(s)
Assist system owners and representatives with use of CSAM as it pertains to the management of their system’s security documentation
Coordinate with departmental agency staff as necessary to provide guidance on the process of conducting risk analysis and computer security reviews, security assessments, the preparation of Disaster Recovery Plans in the Continuity of Operations (COOP) plans, security plans, and the processes involved in the required activities for the Certification and Accreditation of Major Information and General Support Systems (MIS/GSS)
Develop IT security policies
Conduct System Owner training on a regular basis
Manage the Computer Security Awareness Training and Role-Based Training projects
Develop, review, update and publish Rules of Behavior
Develop and implement information sharing regarding cyber security best practices and common vulnerabilities
Prepare and publish monthly cyber security newsletters
Administer and manage the site and content blocking, event monitoring, network intrusion detection systems
Conduct, as needed, system penetration testing, vulnerability assessment, and security risk analysis
Support process, technical and R&D activities
Conduct research of new technologies, systems and processes to make recommendations on the enhancement of the security posture
Perform research and preliminary proof-of-concept testing of security tools
Prepare and submit SAR responses

REQUIRED EDUCATION, SKILLS AND EXPERIENCE:

Associate's degree from an accredited college or university required, equivalent experience considered in lieu of degree
Bachelor’s degree from an accredited college or university preferred
At least five (5) years of IT security experience required
At least five (5) years of experience performing A&A work required
At least five (5) years of experience conducting FISMA and FISCAM audits, as well as developing Systems Security Plans (SSP), Privacy Impact Assessments, Contingency Plans and certifications (ATO, C&A) required
Knowledge of NIST Risk Management Framework
Excellent attention to detail
Excellent oral and written communication skills
Ability to work in a fast-paced, dynamic environment
Ability to interface with all levels of management
Ability to perform complex tasks with minimal supervision and guidance
Excellent time management, scheduling, and organizational skills
Ability to work well independently or in a team setting
Knowledge of Security Practices and processes
Working knowledge of Security Assurance, Controls and Compliance programs within the federal space

Preferred Skills:

EC-Council – Certified Ethical Hacker (CEH)
CISSP
ISACA – Certified Information Security Manager (CISM)
ITIL v3 Foundation, IT Service Management (ITSM)
Knowledge of change management, COOP and disaster recovery, backup and recovery strategy and enterprise cloud