Work with the VA customer to discover and mitigate cybersecurity risks, understand and apply policies to address requests for information on cyber best practices, conduct modified risk assessments, and provide information system security expertise to ensure the appropriate operational security posture is maintained for research information systems and research study protocols. Develop new policies or addenda to existing research policies that apply minimal appropriate security mitigations in support of research mission objectives. Conduct information security reviews on VA-sponsored and industry-sponsored clinical trials. Develop security reports, standard operating procedures, and other security policy artifacts and conduct training on research-related cyber practices. Work with your client to ensure information security reviews are conducted in accordance with VA Research guidance and directives to help the client ensure that research information systems, applications, research scientific computing devices, and software used in research meet VA and NIST standards. Work with the VA research community and facility ISSOs to ensure clinical studies and trials are protecting veterans' sensitive data. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.
5+ years of experience with policy analysis utilizing NIST special publications, including RMF and NIST security controls, such as SP 800-37 and 800-53
Experience with Microsoft Office, including Word and PowerPoint
Experience in applying information security and assurance principles
Experience in security policy-driven approaches for various modalities, including devices, technologies, and platforms, of data storage and transmission
Ability to review and reply to Requests for Information from research partners utilizing current VA Handbooks, Directives, and NIST guidance within a standardized timeframe
Ability to perform risk analysis, vulnerability assessments, and information security reviews in accordance with FISMA reporting
Ability to communicate with key stakeholders, process owners, and customers to manage expectations, eliminate gaps, and ensure success
Ability to develop and conduct training
Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
Bachelor's degree in CS, EE, Engineering, or Technology, and 10+ years of experience working in a professional environment or 18+ years of experience working in a professional environment in lieu of a degree
Experience working directly with clients to provide solutions
Experience with security considerations specific to research environments
Experience with research scientific computing devices, special purpose systems, and operational technology
Experience with the VA
Knowledge of VHA Research and Development Policies, Handbooks and Directives, data security and governance, or HIPAA
Ability to work flexibly in a very fast-paced environment
Possession of excellent customer service and organization skills
Possession of excellent verbal and written communication skills
CAP, CISSP, CISM, PMP, or CCSK Certification preferred
Applicants selected may be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client.
The proposed salary range for this position in Colorado is 110,000 to 129,000. Final salary will be determined based on various factors.
At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.
We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.